31 matches found
Tyto Sahi pro 7.x/8.x - Local File Inclusion
Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files. id: CVE-2018-20470 info: name: Tyto Sahi pro 7.x/8.x - Local File Inclusion author: daffainfo...
EUVD-2019-6174
Malware in sbrugna...
EUVD-2018-13022
Malware in sbrugna...
EUVD-2018-13026
Malware in sbrugna...
CVE-2019-15102
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunnerNondistributed and distributed end points does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...
VulnCheck KEV: CVE-2018-20470
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal arbitrary file access vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files...
CVE-2019-15102
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunnerNondistributed and distributed end points does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...
Design/Logic Flaw
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunnerNondistributed and distributed end points does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...
CVE-2019-15102
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunnerNondistributed and distributed end points does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...
CVE-2019-15102
Tyto Sahi Pro 6.x–8.0.0 suffers a remote code execution vulnerability due to two issues: (1) TestRunner_Non_distributed and distributed endpoints expose no authentication, allowing arbitrary script execution on the remote server, and (2) a password-protected web interface for script access lacks ...
Sahi pro 8.x - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Sahi pro :/s/dyn/pro/DBReports?sql=SELECT DISTINCT memoryused AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS. FROM SUITEREPORTS,SCRIPTREPORTS 0day.today 2019-06-18...
CVE-2018-20469
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions...
CVE-2018-20469
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions...
CVE-2018-20470
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal arbitrary file access vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files...
CVE-2018-20472
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS...
CVE-2018-20472
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS...
CVE-2018-20468
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...
CVE-2018-20468
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...
Code injection
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...
Cross site scripting
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS...