Ravindra Singh Rathore

#11832of 53,638
23.2Total CVSS
Vulnerabilities · 3
Medium
2
Critical
1
PT-2017-8946
9.6
2017-05-25
Sap · Sap Business One For Android · CVE-2016-6256
**Name of the Vulnerable Software and Affected Versions** SAP Business One for Android version 1.2.3 **Description** The issue allows remote attackers to conduct XML External Entity (XXE) attacks. This is achieved by sending crafted XML data in a request to the "B1iXcellerator/exec/soap/vP.001sap0003.in WCSX/com.sap.b1i.vplatform.runtime/INB WS CALL SYNC XPT/INB WS CALL SYNC XPT.ipo/proc" API endpoint. **Recommendations** For SAP Business One for Android version 1.2.3, consider restricting access to the vulnerable API endpoint "B1iXcellerator/exec/soap/vP.001sap0003.in WCSX/com.sap.b1i.vplatform.runtime/INB WS CALL SYNC XPT/INB WS CALL SYNC XPT.ipo/proc" until a patch is available.
PT-2014-5333
6.8
2014-02-07
Wikimedia · Mediawiki · CVE-2014-3454
**Name of the Vulnerable Software and Affected Versions** MediaWiki SemanticForms extension versions prior to 1.19.10 MediaWiki SemanticForms extension versions 1.2x prior to 1.21.4 MediaWiki SemanticForms extension versions 1.22.x prior to 1.22.1 **Description** A cross-site request forgery (CSRF) issue exists in the Special:CreateCategory feature of the SemanticForms extension for MediaWiki. This allows remote attackers to hijack user authentication for category creation requests. **Recommendations** For MediaWiki SemanticForms extension versions prior to 1.19.10, update to version 1.19.10 or later. For MediaWiki SemanticForms extension versions 1.2x prior to 1.21.4, update to version 1.21.4 or later. For MediaWiki SemanticForms extension versions 1.22.x prior to 1.22.1, update to version 1.22.1 or later.
PT-2014-5334
6.8
2014-02-07
Wikimedia · Mediawiki · CVE-2014-3455
**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.19.10 MediaWiki versions 1.20.x (all versions) MediaWiki versions 1.21.x prior to 1.21.4 MediaWiki versions 1.22.x prior to 1.22.1 **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in specific special pages of the SemanticForms extension. These vulnerabilities allow remote attackers to hijack user authentication for requests with unspecified impact. The affected special pages include CreateProperty, CreateTemplate, CreateForm, and CreateClass. **Recommendations** For MediaWiki versions prior to 1.19.10, update to version 1.19.10 or later. For MediaWiki versions 1.20.x, update to version 1.21.4 or later. For MediaWiki versions 1.21.x prior to 1.21.4, update to version 1.21.4 or later. For MediaWiki versions 1.22.x prior to 1.22.1, update to version 1.22.1 or later.