Long Dang Hoang

4 exploits Active since Jan 2026
CVE-2025-69612 NOMISEC MEDIUM WRITEUP
TMS Management Console < 6.3.7.27386.20250818 - Authenticated Path Traversal via Download Template filePath Parameter
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.
1 stars
CVSS 6.5
CVE-2026-30082 NOMISEC MEDIUM WRITEUP
IngEstate Server 11.14.0 - Stored XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.
CVSS 6.1
CVE-2025-69612 WRITEUP MEDIUM WRITEUP
TMS Management Console < 6.3.7.27386.20250818 - Authenticated Path Traversal via Download Template filePath Parameter
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.
CVSS 6.5
CVE-2026-30082 WRITEUP MEDIUM WRITEUP
IngEstate Server 11.14.0 - Stored XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.
CVSS 6.1