Jerzy Kramarz

Researcher fromPortcullis Computer Security Limited
#7729of 53,635
35.5Total CVSS
Vulnerabilities · 5
Medium
2
High
3
PT-2020-7648
7.5
2020-01-09
Unknown · Bss Continuity Cms · CVE-2014-3448
**Name of the Vulnerable Software and Affected Versions** BSS Continuity CMS version 4.2.22640.0 **Description** The issue is related to a Remote Code Execution vulnerability caused by unauthenticated file upload. **Recommendations** For version 4.2.22640.0, update to a newer version that contains a fix for this issue.
PT-2020-7649
7.5
2020-01-09
Unknown · Bss Continuity Cms · CVE-2014-3449
**Name of the Vulnerable Software and Affected Versions** BSS Continuity CMS version 4.2.22640.0 **Description** The issue is related to an Authentication Bypass. **Recommendations** For version 4.2.22640.0, at the moment, there is no information about a newer version that contains a fix for this issue.
PT-2014-7815
6.5
2014-11-04
Enalean · Tuleap · CVE-2014-7176
**Name of the Vulnerable Software and Affected Versions** Enalean Tuleap versions prior to 7.5.99.4 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `lobal txt` parameter to `plugins/docman` API endpoint. **Recommendations** For versions prior to 7.5.99.4, update to version 7.5.99.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `plugins/docman` endpoint to minimize the risk of exploitation. Avoid using the `lobal txt` parameter in the affected endpoint until the issue is resolved.
PT-2014-7205
7.5
2014-10-06
Noalyss · Phpcompta/Noalyss · CVE-2014-6389
**Name of the Vulnerable Software and Affected Versions** PHPCompta/NOALYSS versions prior to 6.7.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `d` parameter of the backup.php file. **Recommendations** For versions prior to 6.7.2, update to version 6.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup.php file to minimize the risk of exploitation. Avoid using the `d` parameter in the backup.php file until the issue is resolved.
PT-2014-4447
6.5
2014-03-13
Procentia · Intellipen · CVE-2014-2043
**Name of the Vulnerable Software and Affected Versions** Procentia IntelliPen versions prior to 1.1.18.1658 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `value` parameter in the Resources/System/Templates/Data.aspx file. **Recommendations** For versions prior to 1.1.18.1658, update to version 1.1.18.1658 or later to resolve the issue.