Long Dang Hoang - Security Researcher - Exploit Intelligence Platform

CVE-2025-69612 NOMISEC MEDIUM WRITEUP

Tmsglobalsoft Tms Management Console - Path Traversal

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

1 stars

CVSS 6.5

View Code

CVE-2026-30082 NOMISEC MEDIUM WRITEUP

IngEstate Server 11.14.0 - Stored XSS

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.

CVSS 6.1

View Code

CVE-2025-69612 WRITEUP MEDIUM WRITEUP

Tmsglobalsoft Tms Management Console - Path Traversal

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

CVSS 6.5

View Code

CVE-2026-30082 WRITEUP MEDIUM WRITEUP

IngEstate Server 11.14.0 - Stored XSS

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.

CVSS 6.1

View Code