Iulian Florea

#11293of 53,633
24.4Total CVSS
Vulnerabilities · 3
Medium
1
Critical
2
PT-2024-31825
9.8
2024-09-30
Vegabird · Vegabird Yaazhini · CVE-2024-45873
**Name of the Vulnerable Software and Affected Versions** VegaBird Yaazhini version 2.0.2 **Description** A DLL hijacking issue allows attackers to execute arbitrary code and maintain persistence by placing a crafted DLL file in the same directory as Yaazhini.exe. This enables them to potentially gain control over the system. **Recommendations** For VegaBird Yaazhini version 2.0.2, consider removing or restricting access to the vulnerable DLL files as a temporary workaround until a patch is available. Restrict the ability to place crafted DLL files in the same directory as Yaazhini.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-31826
9.8
2024-09-30
Vegabird · Vegabird Vooki · CVE-2024-45874
**Name of the Vulnerable Software and Affected Versions** VegaBird Vooki version 5.2.9 **Description** A DLL hijacking issue allows attackers to execute arbitrary code and maintain persistence by placing a crafted DLL file in the same directory as Vooki.exe. This enables attackers to potentially gain control over the system. **Recommendations** For VegaBird Vooki version 5.2.9, consider removing or restricting access to the directory where Vooki.exe is located to prevent attackers from placing malicious DLL files. As a temporary workaround, monitor the directory for any suspicious DLL files and remove them immediately. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-30848
4.8
2023-09-08
Pegasystems · Pega Platform · CVE-2023-4843
**Name of the Vulnerable Software and Affected Versions** Pega Platform versions 7.1 to 8.8.3 **Description** The issue is an HTML Injection problem with a `name` field used in Visual Business Director. This field can only be modified by an authenticated administrative user. **Recommendations** For Pega Platform versions 7.1 to 8.8.3, consider restricting access to the `name` field in Visual Business Director to prevent unauthorized modifications until a fix is available. As a temporary workaround, ensure that only trusted administrative users have access to this field.