Halil Dalabasmaz

Pesquisador deBGA Security Team
#13008de 53,633
20.4CVSS total
Vulnerabilidades · 4
Média
3
Alta
1
PT-2015-5659
4.3
2015-03-03
Beehive Forum · Beehive Forum · CVE-2015-2198
**Name of the Vulnerable Software and Affected Versions** Beehive Forum version 1.4.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `homepage url`, `pic url`, or `avatar url` parameter in edit prefs.php, which are not properly handled in an error message. **Recommendations** For Beehive Forum version 1.4.4, as a temporary workaround, consider restricting access to the edit prefs.php file until a patch is available, and avoid using the `homepage url`, `pic url`, or `avatar url` parameters in this context. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2015-3619
4.3
2015-01-13
Unknown · Clientresponse · CVE-2014-100013
**Name of the Vulnerable Software and Affected Versions** clientResponse version 4.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `Subject` or `Message` field, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For clientResponse version 4.1, consider validating and sanitizing user input in the `Subject` and `Message` fields to prevent XSS attacks. As a temporary workaround, restrict user input to minimize the risk of exploitation.
PT-2015-4257
4.3
2015-01-05
Unknown · Social Microblogging Pro · CVE-2014-9516
**Name of the Vulnerable Software and Affected Versions** Social Microblogging PRO version 1.5 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to the default URI. The vulnerability is specifically related to the "Web Site" input in the Profile section. **Recommendations** For Social Microblogging PRO version 1.5, consider restricting access to the Profile section until a fix is available, and avoid using the "Web Site" input field to minimize the risk of exploitation.
PT-2014-8776
7.5
2014-11-20
Digitalvidhya · Digitalvidhya Digi Online Examination System · CVE-2014-8997
**Name of the Vulnerable Software and Affected Versions** DigitalVidhya Digi Online Examination System version 2.0 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the Photo functionality, then accessing it via a direct request to the file in `assets/uploads/images/`. This is due to an unrestricted file upload vulnerability. **Recommendations** For DigitalVidhya Digi Online Examination System version 2.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the `assets/uploads/images/` directory to minimize the risk of exploitation.