Vladimir Rotanov

6 exploits Active since Oct 2020
CVE-2021-42261 NOMISEC HIGH WRITEUP
Revisor Video Management System < 2.0.0 - Path Traversal
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system and access files or directories outside the restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
1 star
CVSS 7.5
CVE-2020-28414 NOMISEC MEDIUM WRITEUP
TranzWare Payment Gateway 3.1.12.3.2 - Unauthenticated Reflected Cross-Site Scripting via Crafted URL
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28415).
1 star
CVSS 6.1
CVE-2020-28415 NOMISEC MEDIUM WRITEUP
TranzWare Payment Gateway 3.1.12.3.2 - Unauthenticated Reflected Cross-Site Scripting via Crafted URL
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28414).
1 star
CVSS 6.1
CVE-2020-28414 WRITEUP MEDIUM WRITEUP
TranzWare Payment Gateway 3.1.12.3.2 - Unauthenticated Reflected Cross-Site Scripting via Crafted URL
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28415).
CVSS 6.1
CVE-2020-28415 WRITEUP MEDIUM WRITEUP
TranzWare Payment Gateway 3.1.12.3.2 - Unauthenticated Reflected Cross-Site Scripting via Crafted URL
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28414).
CVSS 6.1
CVE-2020-26166 WRITEUP MEDIUM WRITEUP
qdPM 9.1 - Authenticated Stored Cross-Site Scripting via Attachments Info Parameter
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.
CVSS 5.4