Wang Jing

Researcher fromNanyang Technological University (NTU), Singapore
#9296of 53,635
29.4Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2019-7251
6.8
2019-08-08
6Kbbs · 6Kbbs · CVE-2015-9292
**Name of the Vulnerable Software and Affected Versions** 6kbbs versions 7.1 through 8.0 **Description** The issue allows for CSRF attacks via specific API endpoints, including "portalchannel ajax.php" with `id` or `code` parameters, and "admin.php" with a `fileids` parameter. **Recommendations** For versions 7.1 and 8.0, consider restricting access to the "portalchannel ajax.php" and "admin.php" endpoints to minimize the risk of exploitation. As a temporary workaround, avoid using the `id`, `code`, and `fileids` parameters in the affected API endpoints until the issue is resolved.
PT-2017-6362
4.3
2017-08-28
Smartcms · Smartcms · CVE-2014-9557
**Name of the Vulnerable Software and Affected Versions** SmartCMS version 2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. **Recommendations** For SmartCMS version 2, update to a newer version that contains a fix for this issue.
PT-2015-5779
7.5
2015-03-20
Vastal I Tech · Phpvid · CVE-2015-2563
**Name of the Vulnerable Software and Affected Versions** Vastal I-Tech phpVID versions 0.9.9 through 1.2.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `order by` parameter in the groups.php file. **Recommendations** For versions 0.9.9 through 1.2.3, consider restricting access to the `order by` parameter in the groups.php file to minimize the risk of exploitation. Avoid using the `order by` parameter until the issue is resolved.
PT-2015-5663
5.0
2015-03-04
Dlguard · Dlguard · CVE-2015-2209
**Name of the Vulnerable Software and Affected Versions** DLGuard version 4.5 **Description** The issue allows remote attackers to obtain the installation path. This is achieved via the `c` parameter to the "index.php" endpoint. **Recommendations** For DLGuard version 4.5, consider restricting access to the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `c` parameter in the "index.php" endpoint to minimize the risk of exploitation.
PT-2015-3926
5.8
2015-01-02
Ex Libris · Ex Libris Patron Directory Services (Pds) Nyu Opensso Integration · CVE-2014-7294
**Name of the Vulnerable Software and Affected Versions** Ex Libris Patron Directory Services (PDS) NYU OpenSSO Integration versions 2.1 and earlier **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `url` parameter. This can be exploited by including a malicious URL in the `url` parameter, potentially leading to phishing attacks. **Recommendations** For Ex Libris Patron Directory Services (PDS) NYU OpenSSO Integration versions 2.1 and earlier, consider restricting access to the logon page or validating the `url` parameter to prevent redirects to arbitrary web sites until a fix is available.