33 matches found
EUVD-2020-23270
Malware in sbrugna...
EUVD-2008-6628
Malware in sbrugna...
EUVD-2020-29359
Malware in sbrugna...
EUVD-2020-7112
Malware in sbrugna...
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used...
Kronos WebTA External Entity Injection Vulnerability
Kronos WebTA is software from Kronos USA for managing office processes. It is designed to automate and streamline the scheduling, leave management, leave donor and labor management processes. An external entity injection vulnerability exists in Kronos WebTA version 5.0.4, which can be...
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used...
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used...
XXE
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used...
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used...
CVE-2020-35604
Kronos WebTA 5.0.4 with SAML enabled is affected by an XXE vulnerability. Multiple sources confirm an external-entity injection flaw in the XML processing when SAML is used, enabling a successful XXE attack. The issue is described as enabling access to sensitive information, with high-severity im...
Kronos WebTA Code Issue Vulnerability
Kronos WebTA is software from Kronos USA for managing office processes. It is designed to automate and streamline the scheduling, leave management, leave donor and labor management processes. An external entity injection vulnerability exists in Kronos WebTA version 5.0.4, which can be...
Kronos WebTA SQL Injection Vulnerability
Kronos WebTA is an attendance system. Kronos WebTA suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to read sensitive data from the database...
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...
SQL injection
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...
CVE-2020-14982
CVE-2020-14982 describes a Blind SQL Injection in Kronos WebTA 3.8.x and later before 4.0, affecting the com.threeis.webta.H352premPayRequest servlet’s SortBy parameter. An attacker with the Employee, Supervisor, or Timekeeper role can read sensitive data from the database. The available connected...
Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting
Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...