
38 matches found

NVD
added 2022/07/18 1:15 p.m., 18 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5.3 CVSS, 0.00772 EPSS
Exploits: 1, References: 2

Prion
added 2022/07/18 1:15 p.m., 15 views

SQL injection

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based...

5.5 CVSS, 7 AI score, 0.02732 EPSS
Exploits: 2, References: 2, Affected Software: 1

Prion
added 2022/07/18 1:15 p.m., 18 views

Code injection

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code...

4.9 CVSS, 5.7 AI score, 0.02732 EPSS
Exploits: 2, References: 2, Affected Software: 1

Prion
added 2022/07/18 1:15 p.m., 13 views

Code injection

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5 CVSS, 5.3 AI score, 0.02732 EPSS
Exploits: 2, References: 2, Affected Software: 1

Prion
added 2022/07/18 1:15 p.m., 18 views

SQL injection

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. An unauthenticated attacker...

6.4 CVSS, 8.4 AI score, 0.02732 EPSS
Exploits: 2, References: 2, Affected Software: 1

Prion
added 2022/07/18 1:15 p.m., 15 views

Unrestricted file upload

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

6.5 CVSS, 8.8 AI score, 0.02732 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2022/07/18 12:34 p.m., 76 views

CVE-2022-24692

The CVE-2022-24692 entry concerns DSK DSKNet 2.16.136.0 and 2.17.136.5. A new menu option on the general Parameters page is vulnerable to stored XSS, allowing an attacker to create a menu option visible to all users and potentially perform session hijacking, account takeover, or deliver malicious...

5.4 CVSS, 5.7 AI score, 0.0051 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/07/18 12:34 p.m., 16 views

CVE-2022-24692

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code...

6 AI score, 0.0051 EPSS
Exploits: 1, References: 2

CVE
added 2022/07/18 12:34 p.m., 78 views

CVE-2022-24691

CVE-2022-24691 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The vulnerability is a blind boolean-based SQL Injection that allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests.

7.1 CVSS, 7 AI score, 0.00779 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/07/18 12:34 p.m., 18 views

CVE-2022-24691

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based...

7.3 AI score, 0.00779 EPSS
Exploits: 1, References: 2

CVE
added 2022/07/18 12:34 p.m., 87 views

CVE-2022-24690

CVE-2022-24690: A blind boolean-based SQL injection in PresAbs.php on DSKNet 2.16.136.0 and 2.17.136.5 allows unauthenticated attackers to taint database data and extract sensitive information (e.g., user badge numbers and PINs) via crafted HTTP requests. The issue is linked to Broken Access Con...

8.2 CVSS, 8.4 AI score, 0.00952 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/07/18 12:34 p.m., 15 views

CVE-2022-24690

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. An unauthenticated attacker...

8.7 AI score, 0.00952 EPSS
Exploits: 1, References: 2

Cvelist
added 2022/07/18 12:34 p.m., 24 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5.6 AI score, 0.00772 EPSS
Exploits: 1, References: 2

CVE
added 2022/07/18 12:34 p.m., 69 views

CVE-2022-24689

The CVE-2022-24689 entry concerns DSK DSKNet 2.16.136.0 and 2.17.136.5, where broken access control allows an unauthenticated remote attacker to view account information pages (including personal data) and obtain login badge numbers; PINs are four-digit and susceptible to a 10,000-guess brute for...

5.3 CVSS, 5.3 AI score, 0.00772 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/07/18 12:34 p.m., 30 views

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

9.2 AI score, 0.02732 EPSS
Exploits: 1, References: 2

CVE
added 2022/07/18 12:34 p.m., 73 views

CVE-2022-24688

CVE-2022-24688 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The issue allows unrestricted file upload via PDF content that uses a PHP extension, enabling Remote Code Execution. An attacker must obtain privileged access to the Parameters page (via Broken Access Control with brute-force or SQL Inj...

8.8 CVSS, 8.9 AI score, 0.02732 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2022/07/18 12:0 a.m., 5 views

DSK DSKNet SQL injection vulnerability

DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. A security vulnerability exists in DSK DSKNet versions 2.16.136.0 and 2.17.136.5, which stems from a SQL injection vulnerability that allo...

7.1 CVSS, 6.8 AI score, 0.00779 EPSS
Exploits: 1, References: 3

CNNVD
added 2022/07/18 12:0 a.m., 3 views

DSK DSKNet security vulnerability

DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. A security vulnerability exists in DSK DSKNet versions 2.16.136.0 and 2.17.136.5, which stems from incorrectly handled access control, whi...

5.3 CVSS, 6.8 AI score, 0.00772 EPSS
Exploits: 1, References: 3