Vladimir Rotanov

4 exploits Active since Oct 2020
CVE-2021-42261 NOMISEC HIGH WRITEUP
Revisorlab Video Management System < 2.0.0 - Path Traversal
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
1 stars
CVSS 7.5
CVE-2020-28414 NOMISEC MEDIUM WRITEUP
Tranzware Payment Gateway - XSS
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28415).
1 stars
CVSS 6.1
CVE-2020-28415 NOMISEC MEDIUM WRITEUP
Tranzware Payment Gateway - XSS
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414).
1 stars
CVSS 6.1
CVE-2020-26166 WRITEUP MEDIUM WRITEUP
Qdpm - XSS
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.
CVSS 5.4