38 matches found
CVE-2022-24689
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...
Sql injection
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based...
Code injection
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code...
Code injection
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...
Sql injection
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. An unauthenticated attacker...
Unrestricted file upload
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...
CVE-2022-24692
The CVE-2022-24692 entry concerns DSK DSKNet 2.16.136.0 and 2.17.136.5. A new menu option on the general Parameters page is vulnerable to stored XSS, allowing an attacker to create a menu option visible to all users and potentially perform session hijacking, account takeover, or deliver malicious...
CVE-2022-24692
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code...
CVE-2022-24691
CVE-2022-24691 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The vulnerability is a blind boolean-based SQL Injection that allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests.
CVE-2022-24691
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based...
CVE-2022-24690
CVE-2022-24690 : A blind boolean-based SQL injection in PresAbs.php on DSKNet 2.16.136.0 and 2.17.136.5 allows unauthenticated attackers to taint database data and extract sensitive information (e.g., user badge numbers and PINs) via crafted HTTP requests. The issue is linked to Broken Access Con...
CVE-2022-24690
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. An unauthenticated attacker...
CVE-2022-24689
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...
CVE-2022-24689
The CVE-2022-24689 entry concerns DSK DSKNet 2.16.136.0 and 2.17.136.5, where broken access control allows an unauthenticated remote attacker to view account information pages (including personal data) and obtain login badge numbers; PINs are four-digit and susceptible to a 10,000-guess brute for...
CVE-2022-24688
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...
CVE-2022-24688
CVE-2022-24688 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The issue allows unrestricted file upload via PDF content that uses a PHP extension, enabling Remote Code Execution. An attacker must obtain privileged access to the Parameters page (via Broken Access Control with brute-force or SQL Inj...
DSK DSKNet SQL注入漏洞
DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. A security vulnerability exists in DSK DSKNet versions 2.16.136.0 and 2.17.136.5, which stems from a SQL injection vulnerability that allo...
DSK DSKNet 安全漏洞
DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. A security vulnerability exists in DSK DSKNet versions 2.16.136.0 and 2.17.136.5, which stems from incorrectly handled access control, whi...