Sven Fassbender

#7778of 53,633
35.2Total CVSS
Vulnerabilities · 5
Medium
2
High
2
Critical
1
PT-2022-8983
4.3
2022-06-03
Klapp App · Klapp App · CVE-2020-36532
**Name of the Vulnerable Software and Affected Versions** Klapp App (affected versions not specified) **Description** A vulnerability has been found in the Authorization component of the app, which can lead to information disclosure of credentials. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-8984
7.5
2022-06-03
Klapp App · Klapp App · CVE-2020-36533
**Name of the Vulnerable Software and Affected Versions** Klapp App (affected versions not specified) **Description** A vulnerability was found that affects the JSON Web Token Handler, leading to weak authentication. The issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-18897
9.8
2018-03-31
Sickrage · Sickrage · CVE-2018-9160
**Name of the Vulnerable Software and Affected Versions** SickRage versions prior to 2018.03.09-1 **Description** The issue concerns the inclusion of cleartext credentials in HTTP responses. **Recommendations** For versions prior to 2018.03.09-1, update to version 2018.03.09-1 or later to resolve the issue.
PT-2018-17927
7.5
2018-03-30
Twonky · Twonky Server · CVE-2018-7171
**Name of the Vulnerable Software and Affected Versions** Twonky Server versions 7.0.11 through 8.5 **Description** The issue allows remote attackers to share the contents of arbitrary directories. This is achieved by using a .. (dot dot) in the `contentbase` parameter to the "rpc/set all" endpoint. **Recommendations** For Twonky Server versions 7.0.11 through 8.5, consider restricting access to the `contentbase` parameter in the "rpc/set all" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `contentbase` parameter with untrusted input until a patch is available.
PT-2018-17945
6.1
2018-03-30
Twonky · Twonky Server · CVE-2018-7203
**Name of the Vulnerable Software and Affected Versions** Twonky Server versions 7.0.11 through 8.5 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `friendlyname` parameter to the "rpc/set all" API endpoint. **Recommendations** For Twonky Server versions 7.0.11 through 8.5, consider restricting access to the `friendlyname` parameter in the "rpc/set all" endpoint until a patch is available.