ServiceTonic SQL Injection Vulnerability

ServiceTonic, an ITIL-compliant service desk and enterprise services software, has a SQL injection vulnerability in the login form in versions prior to ServiceTonic 9.0.35937. An attacker could exploit the vulnerability to steal information via a specially crafted, HQL-compatible, time-series SQL...

ServiceTonic Improper Access Control Vulnerability

ServiceTonic is an ITIL-compliant service desk and enterprise services software. serviceTonic versions prior to 9.0.35937 are vulnerable to an improper access control vulnerability. An attacker could exploit this vulnerability to gain unauthorized access to the system via the login form, allowing...

ServiceTonic Arbitrary File Upload Vulnerability

ServiceTonic is an ITIL-compliant service desk and enterprise service software. serviceTonic versions prior to 9.0.35937 have an arbitrary file upload vulnerability in the service import feature. An attacker could exploit the vulnerability to execute JSP code by uploading a zip file that extracts...

GLPI 0.90.2 SQL Injection

Advisory ID: HTB23301 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.90.2 and probably prior Tested Version: 0.90.2 Advisory Publication: April 8, 2016 without technical details Vendor Notification: April 8, 2016 Vendor Patch: April 11, 2016 Public Disclosure: April 29, 2016 Vulnerability...