Lucene search
K

9 matches found

EUVD
EUVD
added 2025/11/17 6:30 p.m.4 views

EUVD-2025-197814

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

8.8CVSS6.5AI score0.00359EPSS
Exploits1References3
NVD
NVD
added 2025/11/17 4:15 p.m.11 views

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

8.8CVSS0.00359EPSS
Exploits1References1
CVE
CVE
added 2025/11/17 12:0 a.m.17 views

CVE-2025-63748

CVE-2025-63748 affects QaTraq 6.9.2. Authenticated users can upload arbitrary files via the Add Attachment feature in the Test Script module due to insufficient file-type restrictions. Uploaded files (e.g., executable PHP) can be accessed through View Attachment and may execute on the server, ind...

8.8CVSS6.6AI score0.00359EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.14 views

PT-2025-47158

Name of the Vulnerable Software and Affected Versions QaTraq version 6.9.2 Description Authenticated users can upload arbitrary files through the "Add Attachment" feature within the "Test Script" module. The application does not restrict file types, allowing the upload of executable PHP files...

8.8CVSS7AI score0.00359EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2020/04/22 2:10 p.m.6 views

Ansible: modules which use files encrypted with vault are not properly cleaned up

A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, wincopy, awss3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root...

5.5CVSS7.1AI score0.00376EPSS
Exploits0References4
NVD
NVD
added 2018/06/07 2:29 a.m.20 views

CVE-2017-16206

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

7.5CVSS7.5AI score0.01177EPSS
Exploits0References1
OSV
OSV
added 2018/06/07 2:29 a.m.3 views

CVE-2017-16206

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

7.5CVSS5.8AI score0.01177EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.25 views

CVE-2017-16206

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

7.4AI score0.01177EPSS
Exploits0References1
CNVD
CNVD
added 2015/11/10 12:0 a.m.6 views

IBM DataPower Gateways GatewayScript Module Information Disclosure Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads, which protects, integrates, and optimizes access across channels...

2.6CVSS6.5AI score0.01014EPSS
Exploits0References1
Rows per page
Query Builder