Rodrigo Escobar

Researcher fromPatchStack
#6425of 53,624
42.4Total CVSS
Vulnerabilities · 5
Medium
1
High
2
Critical
2
PT-2024-11707
7.7
2024-05-17
Unknown · Lenderd 1003 Mortgage Application · CVE-2022-45368
**Name of the Vulnerable Software and Affected Versions** Lenderd 1003 Mortgage Application versions 1.75 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path Traversal. This enables remote attacks. The estimated number of potentially affected devices is not specified. **Recommendations** For versions 1.75 and earlier, update to a version that contains a fix for this issue to protect against severe path traversal vulnerability. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation. Review logs for signs of exploit to identify potential security breaches.
PT-2024-20744
10
2024-04-03
Canto · Canto · CVE-2024-25096
**Name of the Vulnerable Software and Affected Versions** Canto versions 3.0.7 and earlier **Description** The issue is related to improper control of generation of code, also known as 'Code Injection'. This allows for code injection in Canto Inc.'s Canto. **Recommendations** For versions 3.0.7 and earlier, update to a version later than 3.0.7 to resolve the issue. As a temporary workaround, consider restricting access to any functionality that allows code generation or execution until a patch is available.
PT-2023-14647
9.8
2023-11-07
Unknown · Lenderd 1003 Mortgage Application · CVE-2022-45357
**Name of the Vulnerable Software and Affected Versions** Lenderd 1003 Mortgage Application versions 1.75 and earlier **Description** The issue is related to the improper neutralization of formula elements in a CSV file, which affects the 1003 Mortgage Application. **Recommendations** For versions 1.75 and earlier, update to a version that fixes the improper neutralization of formula elements in a CSV file.
PT-2023-14650
5.9
2023-04-23
Boris Kuzmanov · 0Mk Shortener Plugin · CVE-2022-45361
**Name of the Vulnerable Software and Affected Versions** Boris Kuzmanov 0mk Shortener plugin versions 0.2 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Boris Kuzmanov 0mk Shortener plugin versions 0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2012-4655
9.0
2012-09-25
Ibm · Ibm Informix Dynamic Server · CVE-2012-3334
**Name of the Vulnerable Software and Affected Versions** IBM Informix Dynamic Server (IDS) versions 11.50 before 11.50.xC9W2 IBM Informix Dynamic Server (IDS) versions 11.70 before 11.70.xC5 **Description** A stack-based buffer overflow issue allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement. **Recommendations** For IBM Informix Dynamic Server (IDS) versions 11.50 before 11.50.xC9W2, update to version 11.50.xC9W2 or later. For IBM Informix Dynamic Server (IDS) versions 11.70 before 11.70.xC5, update to version 11.70.xC5 or later.