9 matches found
EUVD-2022-33944
Malicious code in bioql PyPI...
CVE-2022-29613
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application...
CVE-2022-29613
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application...
CVE-2022-29613
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application...
Input validation
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application...
CVE-2022-29613
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application...
Sentrifugo SQL Injection Vulnerability (CNVD-2020-66084)
Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. Sentrifugo version 3.2 suffers from a SQL injection vulnerability that originates from the fact that administrators c...
CVE-2020-26805
In Sentrifugo 3.2, admin can edit employee's informations via this endpoint -- /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write...
EXCELLENT INFOTEK BiYan Information Disclosure Vulnerability (CNVD-2019-18740)
EXCELLENT INFOTEK BiYan is China Taiwan Jieyin information EXCELLENT INFOTEK company's set of document management system. An information disclosure vulnerability exists in EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. The vulnerability can be exploited to disclose user information password b...