176 matches found
CVE-2022-38802
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
Improper access control
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
CVE-2022-38802
CVE-2022-38802 affects Zkteco BioTime
CVE-2022-38803
The CVE-2022-38803 issue affects Zkteco BioTime prior to 8.5.3 Build 20200816.447. Root cause: Incorrect Access Control allowing an authenticated user to cause cross-site scripting in the PDF export generator, enabling reading of local files when exporting data as a PDF. Impact: confidentiality o...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-39381 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-39381 Source advisory: OSV:GHSA-RCRX-FPJP-MFRW...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-25892 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-25892 Source advisory: OSV:GHSA-9CV5-4WQV-9W94...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-25892 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-25892 Source advisory: SNYK:JS-HUMMUS-3091138...
Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability
Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...
Pay Slip PDF Generator System 1.0 SQL Injection Vulnerability
Pay Slip PDF Generator System version suffers from multiple remote SQL injection vulnerabilities that can lead to remote code execution. Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Vendor:...
PDF Generator Web App Using TCPDF 1.0 Local File Inclusion Vulnerability
PDF Generator Web App using TCPDF version 1.0 suffers from a local file inclusion vulnerability. Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
PDF Generator Web Application 1.0 SQL Injection
Exploit Title: PDF Generator Web Application - 'multiple' Blind SQL Injection Date: 26/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
PDF Generator Web App Using TCPDF 1.0 Local File Inclusion
Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
Pay Slip PDF Generator System 1.0 SQL Injection
Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software:...
GHSA-HCQ6-H8V2-R5WM Server-Side Request Forgery in node-pdf-generator
This affects all versions of package node-pdf-generator up to and including 0.0.6. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...
Server-Side Request Forgery in node-pdf-generator
This affects all versions of package node-pdf-generator up to and including 0.0.6. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...
Shopify: Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints
Summary Shopify has a feature called Print Packing Slip, with this tool, users can easily print a packing slip after customers make an order. The generated packing slip can be downloaded as a PDF file. Users can edit an Edit packing slip template to adjust with a shop design. However, there's hav...
CVE-2020-7740
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...
Input validation
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...
CVE-2020-7740
CVE-2020-7740 affects node-pdf-generator (all versions up to 0.0.6 per GHSA entry). The root cause is lack of user input validation and sanitization for content fed to the module, enabling an attacker to craft a URL that is passed to an external server, resulting in Server-Side Request Forgery (S...
Server-Side Request Forgery (SSRF)
Overview node-pdf-generator is a Web server to generate PDF's from HTML Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to...