Vladimir Rotanov

Researcher fromJet Infosystems
#10944of 53,635
25.1Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2021-23569
7.5
2021-10-19
Unknown · Revisor Video Management System · CVE-2021-42261
**Name of the Vulnerable Software and Affected Versions** Revisor Video Management System (VMS) versions prior to 2.0.0 **Description** The issue allows an attacker to traverse the file system and access files or directories outside of the restricted directory on the remote server, potentially leading to the disclosure of sensitive data. **Recommendations** For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue.
PT-2020-17006
6.1
2020-11-12
Compass Plus · Tranzware Payment Gateway · CVE-2020-28414
**Name of the Vulnerable Software and Affected Versions** TranzWare Payment Gateway version 3.1.12.3.2 **Description** A reflected cross-site scripting issue exists, allowing a remote unauthenticated attacker to execute arbitrary HTML code via a crafted URL. **Recommendations** For version 3.1.12.3.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-17007
6.1
2020-11-12
Compass Plus · Tranzware Payment Gateway · CVE-2020-28415
**Name of the Vulnerable Software and Affected Versions** TranzWare Payment Gateway version 3.1.12.3.2 **Description** A reflected cross-site scripting issue exists, allowing a remote unauthenticated attacker to execute arbitrary HTML code via a crafted URL. **Recommendations** For version 3.1.12.3.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-16323
5.4
2020-10-05
Qdpm · Qdpm · CVE-2020-26166
**Name of the Vulnerable Software and Affected Versions** qdPM version 9.1 **Description** The file upload functionality in qdPM does not check the file description, allowing remote authenticated attackers to inject web script or HTML via the `attachments info` parameter. This issue can occur during the creation of a ticket, project, or task. **Recommendations** For qdPM version 9.1, consider disabling the file upload functionality until a patch is available to prevent exploitation. Restrict access to the file upload feature to minimize the risk of injection attacks. Avoid using the `attachments info` parameter in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.