Lucene search
K

176 matches found

NVD
NVD
added 2022/11/30 2:15 p.m.19 views

CVE-2022-38802

Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...

6.2CVSS0.00639EPSS
Exploits1References2
Prion
Prion
added 2022/11/30 2:15 p.m.24 views

Improper access control

Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...

3.5CVSS6.1AI score0.00626EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/30 12:0 a.m.69 views

CVE-2022-38802

CVE-2022-38802 affects Zkteco BioTime

6.2CVSS5.8AI score0.00639EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/30 12:0 a.m.69 views

CVE-2022-38803

The CVE-2022-38803 issue affects Zkteco BioTime prior to 8.5.3 Build 20200816.447. Root cause: Incorrect Access Control allowing an authenticated user to cause cross-site scripting in the PDF export generator, enabling reading of local files when exporting data as a PDF. Impact: confidentiality o...

6.8CVSS6AI score0.00626EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/11/02 6:10 p.m.4 views

@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-39381 via hummus (>=1.0.104 <=1.0.110)

hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-39381 Source advisory: OSV:GHSA-RCRX-FPJP-MFRW...

7.5CVSS6.6AI score0.00645EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/11/01 12:0 p.m.4 views

@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-25892 via hummus (>=1.0.104 <=1.0.110)

hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-25892 Source advisory: OSV:GHSA-9CV5-4WQV-9W94...

7.5CVSS7.1AI score0.01022EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/10/24 7:46 a.m.24 views

@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-25892 via hummus (>=1.0.104 <=1.0.110)

hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-25892 Source advisory: SNYK:JS-HUMMUS-3091138...

7.5CVSS7.1AI score0.01022EPSS
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.201 views

Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability

Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.229 views

Pay Slip PDF Generator System 1.0 SQL Injection Vulnerability

Pay Slip PDF Generator System version suffers from multiple remote SQL injection vulnerabilities that can lead to remote code execution. Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Vendor:...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.202 views

PDF Generator Web App Using TCPDF 1.0 Local File Inclusion Vulnerability

PDF Generator Web App using TCPDF version 1.0 suffers from a local file inclusion vulnerability. Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/28 12:0 a.m.201 views

PDF Generator Web Application 1.0 SQL Injection

Exploit Title: PDF Generator Web Application - 'multiple' Blind SQL Injection Date: 26/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/27 12:0 a.m.200 views

PDF Generator Web App Using TCPDF 1.0 Local File Inclusion

Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/27 12:0 a.m.187 views

Pay Slip PDF Generator System 1.0 SQL Injection

Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software:...

0.7AI score
Exploits0
OSV
OSV
added 2021/05/10 6:38 p.m.24 views

GHSA-HCQ6-H8V2-R5WM Server-Side Request Forgery in node-pdf-generator

This affects all versions of package node-pdf-generator up to and including 0.0.6. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...

8.2CVSS8.1AI score0.02044EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/05/10 6:38 p.m.50 views

Server-Side Request Forgery in node-pdf-generator

This affects all versions of package node-pdf-generator up to and including 0.0.6. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...

8.2CVSS7.8AI score0.02044EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2021/03/02 10:30 p.m.28 views

Shopify: Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints

Summary Shopify has a feature called Print Packing Slip, with this tool, users can easily print a packing slip after customers make an order. The generated packing slip can be downloaded as a PDF file. Users can edit an Edit packing slip template to adjust with a shop design. However, there's hav...

0.6AI score
Exploits0
OSV
OSV
added 2020/10/06 6:15 p.m.6 views

CVE-2020-7740

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...

8.2CVSS7.2AI score0.02044EPSS
Exploits0References2
Prion
Prion
added 2020/10/06 6:15 p.m.16 views

Input validation

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...

6.4CVSS8AI score0.02044EPSS
Exploits0References2
CVE
CVE
added 2020/10/06 4:40 p.m.65 views

CVE-2020-7740

CVE-2020-7740 affects node-pdf-generator (all versions up to 0.0.6 per GHSA entry). The root cause is lack of user input validation and sanitization for content fed to the module, enabling an attacker to craft a URL that is passed to an external server, resulting in Server-Side Request Forgery (S...

8.2CVSS8.1AI score0.02044EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2020/09/03 10:48 p.m.5 views

Server-Side Request Forgery (SSRF)

Overview node-pdf-generator is a Web server to generate PDF's from HTML Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to...

8.2CVSS6.7AI score0.02044EPSS
Exploits0References2
Rows per page
Query Builder