36 matches found
EUVD-2008-6252
Malware in sbrugna...
EUVD-2020-7901
Malware in sbrugna...
EUVD-2020-7900
Malware in sbrugna...
CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
CVE-2020-15928
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...
CVE-2021-4430
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...
Design/Logic Flaw
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...
CVE-2021-4430
CVE-2021-4430 affects Ortus Solutions ColdBox Elixir 3.1.6, specifically the ENV Variable Handler’s file src/defaultConfig.js, leading to information disclosure. A fix is available in ColdBox Elixir 3.1.7; the patch is identified as a3aa62daea2e44c76d08d1eac63768cd928cd69e, per the vulnerability ...
CVE-2021-4430 Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...
Ortus Solutions ColdBox Elixir Information Disclosure Vulnerability
Ortus Solutions ColdBox Elixir is a professional open source software from Ortus Solutions that provides custom development, training, server tuning, security hardening, code review, professional support and guidance. An information disclosure vulnerability exists in Ortus Solutions ColdBox Elixi...
Directory traversal
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...
Remote code execution
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
CVE-2020-15928
In Ortus TestBox versions 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm enable directory traversal, per CVE-2020-15928. Public exploit references exist (e.g., Exploit DB). The root cause is the lack of validation on user-supplied query parameters in that path,...
CVE-2020-15929
Affected software: Ortus TestBox 2.4.0–4.1.0. Vulnerability: unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow writing an arbitrary CFM file within the application context, enabling Remote Code Execution. Root cause: unvalidated/unsafeguarded input in the HTMLRunne...