13 matches found
EUVD-2019-2931
Malware in sbrugna...
EXCELLENT INFOTEK BiYan Information Disclosure Vulnerability
EXCELLENT INFOTEK BiYan is China Taiwan Jieyin information EXCELLENT INFOTEK company's set of document management system. An information disclosure vulnerability exists in EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. The vulnerability arises from an error in configuration or other errors in...
EXCELLENT INFOTEK BiYan Information Disclosure Vulnerability (CNVD-2019-18740)
EXCELLENT INFOTEK BiYan is China Taiwan Jieyin information EXCELLENT INFOTEK company's set of document management system. An information disclosure vulnerability exists in EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. The vulnerability can be exploited to disclose user information password b...
CVE-2019-11232
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information Password without being authenticated, by sending an EMPNO element to the kwslogin/asp/queryuser.asp URI, and then reading the PWD element...
CVE-2019-11233
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGINID element to the auth/main/asp/checkuserlogininfo.aspx URI, and then reading the response, as demonstrated by the KWEMAIL or KWTEL field...
CVE-2019-11232
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information Password without being authenticated, by sending an EMPNO element to the kwslogin/asp/queryuser.asp URI, and then reading the PWD element...
CVE-2019-11233
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGINID element to the auth/main/asp/checkuserlogininfo.aspx URI, and then reading the response, as demonstrated by the KWEMAIL or KWTEL field...
Information disclosure
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information Password without being authenticated, by sending an EMPNO element to the kwslogin/asp/queryuser.asp URI, and then reading the PWD element...
Design/Logic Flaw
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGINID element to the auth/main/asp/checkuserlogininfo.aspx URI, and then reading the response, as demonstrated by the KWEMAIL or KWTEL field...
CVE-2019-11233
CVE-2019-11233 affects EXCELLENT INFOTEK BiYan v1.57–v2.8. A misdesign allows an unauthenticated attacker to leak user information by sending a LOGIN_ID element to the endpoint auth/main/asp/check_user_login_info.aspx and reading the response, with leakage demonstrated via KW_EMAIL or KW_TEL fiel...
CVE-2019-11233
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGINID element to the auth/main/asp/checkuserlogininfo.aspx URI, and then reading the response, as demonstrated by the KWEMAIL or KWTEL field...
CVE-2019-11232
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information Password without being authenticated, by sending an EMPNO element to the kwslogin/asp/queryuser.asp URI, and then reading the PWD element...
CVE-2019-11232
Summary of CVE-2019-11232 : Affected product is EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. A vulnerability allows an unauthenticated attacker to disclose a password by sending an EMP_NO element to the kws_login/asp/query_user.asp URI and reading the PWD element. This results in informatio...