Lucene search
+L

4 matches found

packetstorm
packetstorm
added 2020/02/05 12:0 a.m.119 views

Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting

Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...

3.5CVSS0.1AI score0.03138EPSS
Exploits7
exploitdb
exploitdb
added 2020/02/05 12:0 a.m.379 views

Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation

Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...

8.8CVSS6.3AI score0.03138EPSS
Exploits7
nvd
nvd
added 2020/01/30 10:15 p.m.18 views

CVE-2020-8494

In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the empid, userid, pw...

8.8CVSS8AI score0.01107EPSS
Exploits5References2
cve
cve
added 2020/01/30 9:18 p.m.105 views

CVE-2020-8494

Kronos WebTA (webTA) 3.8.x and 3.x versions prior to 4.0 are affected by CVE-2020-8494 via the com.threeis.webta.H402editUser servlet, allowing a user with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges through parameters such as emp_id, useri...

8.8CVSS8.7AI score0.01107EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder