Simon Bieber

Researcher fromsecuvera GmbH
#9031of 53,632
30.2Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2024-25933
6.1
2024-05-06
Drupal · Drupal Wiki · CVE-2024-34481
**Name of the Vulnerable Software and Affected Versions** Drupal Wiki versions prior to 8.31.1 **Description** The issue allows for XSS attacks via comments, captions, and image titles of a Wiki page. **Recommendations** For versions prior to 8.31.1, update to version 8.31.1 or later to resolve the issue.
PT-2021-20540
7.2
2021-06-10
Microsoft · Windows · CVE-2021-34546
Name of the Vulnerable Software and Affected Versions: NetSetMan Pro versions prior to 5.0 Description: An unauthenticated attacker with physical access to a computer, where the pre-logon profile switch button within the Windows logon screen is enabled, can drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature by navigating to cmd.exe. Recommendations: For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider disabling the pre-logon profile switch button within the Windows logon screen to minimize the risk of exploitation.
PT-2018-9452
6.1
2018-06-26
Ocs Inventory · Ocs Inventory Ng · CVE-2018-1000557
**Name of the Vulnerable Software and Affected Versions** OCS Inventory NG version ocsreports 2.4 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability in the login form and search functionality. This allows an attacker to execute arbitrary JavaScript code within a victim's browser. The attack is exploitable if the victim opens a crafted link to the application. **Recommendations** For OCS Inventory NG version ocsreports 2.4, update to version 2.4.1 to resolve the issue.
PT-2018-9453
6.5
2018-06-26
Ocs Inventory · Ocs Inventory Ng · CVE-2018-1000558
**Name of the Vulnerable Software and Affected Versions** OCS Inventory NG ocsreports versions 2.3.1 through 2.4 **Description** The issue allows an authenticated attacker to gain full access to data stored within the database due to a SQL Injection vulnerability in the web search function. This can be exploited by sending crafted requests to gain database access. **Recommendations** For versions 2.3.1 through 2.4, update to version 2.4.1 to resolve the issue.
PT-2014-2627
4.3
2014-01-22
E107 · E107 · CVE-2013-2750
**Name of the Vulnerable Software and Affected Versions** e107 versions prior to 1.0.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the query string. This is due to a vulnerability in the content preset.php file within the e107 plugins/content/handlers directory. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the content preset.php file to minimize the risk of exploitation.