Preetham Bomma

#9627of 53,633
28.7Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2020-14444
10
2020-07-23
Raspberrytortoise · Raspberrytortoise · CVE-2020-15477
**Name of the Vulnerable Software and Affected Versions** RaspberryTortoise versions prior to 2012-10-28 **Description** The issue allows for remote code execution via shell metacharacters in a URI. Specifically, the file nodejs/raspberryTortoise.js lacks validation on the `incomingString` parameter before it is passed to the `child process.exec` function. **Recommendations** For versions prior to 2012-10-28, consider validating the `incomingString` parameter to prevent shell metacharacters from being executed. As a temporary workaround, restrict access to the `child process.exec` function until a proper fix can be applied.
PT-2020-14121
6.1
2020-06-26
Nedi · Nedi · CVE-2020-15016
**Name of the Vulnerable Software and Affected Versions** NeDi version 1.9C **Description** The issue concerns reflected cross-site scripting. The Other-Converter.php file does not properly validate user input, allowing an attacker to exploit this by crafting arbitrary JavaScript in the `txt` GET parameter. **Recommendations** For NeDi version 1.9C, consider restricting access to the Other-Converter.php file until a proper fix is available, and avoid using the `txt` parameter in the affected endpoint to minimize the risk of exploitation.
PT-2020-14122
6.1
2020-06-26
Remedia · Nedi · CVE-2020-15017
**Name of the Vulnerable Software and Affected Versions** NeDi version 1.9C **Description** The issue concerns reflected cross-site scripting. Specifically, the Devices-Config.php file fails to properly validate user input, allowing an attacker to craft arbitrary JavaScript in the `sta` GET parameter. This can be exploited to execute malicious scripts. **Recommendations** For NeDi version 1.9C, as a temporary workaround, consider restricting access to the Devices-Config.php file until a patch is available. Avoid using the `sta` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-14123
6.5
2020-06-24
Playsms · Playsms · CVE-2020-15018
**Name of the Vulnerable Software and Affected Versions** playSMS versions 1.4.3 and earlier **Description** The issue allows for session fixation. **Recommendations** For playSMS versions 1.4.3 and earlier, update to a version later than 1.4.3 to resolve the issue.