69 matches found
EUVD-2021-23140
Malware in sbrugna...
EUVD-2018-12638
Malware in sbrugna...
EUVD-2014-4776
Malware in sbrugna...
EUVD-2021-24269
Malware in sbrugna...
EUVD-2019-17077
Malware in sbrugna...
EUVD-2021-31109
Malicious code in bioql PyPI...
EUVD-2022-4843
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2021-40875
Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...
CVE-2021-37788
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...
CVE-2021-36538
Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...
CVE-2021-44263
Gurock TestRail before 7.2.4 mishandles HTML escaping...
CVE-2018-1999032
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
TestRail CLI FieldsParser eval Injection
This is not a very exciting vulnerability, but I had already publicly disclosed it on GitHub at the request of the vendor. Since that report has disappeared, the link I had provided to MITRE was invalid, so here it is again. -Devin --- Unsafe eval in TestRail CLI FieldsParser Date Reported:...
CVE-2021-36538
Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...
CVE-2021-36538
Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...
Cross site scripting
Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...
Gurock Software Gurock TestRail 跨站脚本漏洞
Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, the management of test suites and the coordination of the testing process. A security vulnerability exists in Gurock...
PT-2023-12285 · Gurock · Gurock Testrail
Name of the Vulnerable Software and Affected Versions: Gurock TestRail versions prior to 7.1.2 Description: The issue allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. This is a Cross Site Scripting XSS issue...
CVE-2021-36538
Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...
CVE-2021-36538
CVE-2021-36538 affects Gurock TestRail before 7.1.2. The vulnerability is a cross-site scripting (XSS) flaw that enables remote authenticated attackers to execute arbitrary code via the reference field in milestones or the description fields in reports. The root cause details are not fully descri...