Thomas Konrad

Researcher fromSBA Research
#12651of 53,632
21.4Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2019-13425
6.1
2019-07-11
Ping Identity · Ping Identity Agentless Integration Kit · CVE-2019-13564
**Name of the Vulnerable Software and Affected Versions** Ping Identity Agentless Integration Kit versions prior to 1.5 **Description** The issue is related to a Reflected Cross-site Scripting (XSS) problem. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.
PT-2018-4439
7.5
2018-09-24
Rxtec · Radmin · CVE-2015-8298
**Name of the Vulnerable Software and Affected Versions** RXTEC RXAdmin UPDATE 06 / 2012 **Description** The issue concerns SQL injection vulnerabilities in the login page. Remote attackers can execute arbitrary SQL commands by manipulating specific parameters to the index.htm page, including the `loginpassword`, `loginusername`, `zusatzlicher`, and `groupid` parameters, or by altering the `rxtec` cookie. **Recommendations** For RXTEC RXAdmin UPDATE 06 / 2012, consider restricting access to the login page until a fix is available, and avoid using the vulnerable parameters `loginpassword`, `loginusername`, `zusatzlicher`, and `groupid` in the index.htm page, as well as the `rxtec` cookie.
PT-2018-3780
7.8
2018-04-20
Smarty · Smarty · CVE-2018-13982
**Name of the Vulnerable Software and Affected Versions** Smarty versions prior to 3.1.33 **Description** The issue is related to a path traversal vulnerability due to insufficient template code sanitization in the `Smarty Security::isTrustedResourceDir()` method. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 3.1.33, update to version 3.1.33 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.