69 matches found
CVE-2021-37788
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...
Input validation
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...
CVE-2021-37788
The CVE-2021-37788 case concerns Gurock TestRail web UI version 5.3.0.3603. The root cause is insufficient input validation of iFrame data in HTTP requests, enabling an unauthenticated, remote attacker to perform a clickjacking attack and potentially affect device integrity. Connected sources (PT...
CVE-2021-37788
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...
Gurock Software Gurock TestRail 安全漏洞
Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A security vulnerability exists in Gurock TestRail...
Dropbox: Leaking API_KEY of testrail of HelloSign gives read/write access
The APIKEY and testrail config details were leaked on Github, which attackers could use to access testrail accounts of HelloSign and perform read/write actions. Impact: Access to testrail account of HelloSign...
Unrestricted file upload
An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...
CVE-2018-20063
An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...
CVE-2018-20063
An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...
CVE-2018-20063
CVE-2018-20063 affects Gurock TestRail 5.6.0.3853. The issue is an Unrestricted Upload of File vulnerability in the image-upload form (in the description editor) that allows remote authenticated users to execute arbitrary code by uploading an image with an executable extension but a safe Content-...
CVE-2018-20063
An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...
Path traversal
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...
CVE-2019-7535
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...
CVE-2019-7535
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...
CVE-2019-7535
CVE-2019-7535 affects Gurock TestRail, specifically the index.php endpoint in version 5.3.0.3603. The issue leaks potentially sensitive information when handling an invalid request, demonstrated by full path disclosure and confirmation that PHP is used as the backend technology. The available doc...
CVE-2019-7535
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...
CloudBees Jenkins Agiletestware Pangolin Connector for TestRail Plugin Data Modification Vulnerability
CloudBees Jenkins is a set of Java-based development of continuous integration tools from CloudBees, Inc. in the U.S. It is mainly used to monitor continuous software version release/testing projects and some timed tasks.Agiletestware Pangolin Connector for TestRail Plugin is A plugin for uploadi...
CVE-2018-1999032
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
CVE-2018-1999032
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
Design/Logic Flaw
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...