5 matches found
CVE-2023-48310
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name and even without. A log file is created at...
CVE-2023-48310 Ability to DoS the testing infrastructure by overwriting files
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name and even without. A log file is created at...
CVE-2023-48310 Ability to DoS the testing infrastructure by overwriting files
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name and even without. A log file is created at...
CVE-2023-48310
CVE-2023-48310 affects TestingPlatform prior to version 2.1.1, where unfiltered user input enables creation of log files (even without a host name) and permits arbitrary CIDR scans (e.g., 0.0.0.0/0). Logs are created with root ownership, and existing files can be rendered useless, contributing to...
TestingPlatform Input Validation Error Vulnerability
TestingPlatform is @NC3-LU's standardized testing platform for Internet security. TestingPlatform version 2.1.0 suffers from an input validation error vulnerability that stems from not properly filtering user input, which can be exploited by an attacker to create a log file in a specified locatio...