29 matches found
CVE-2019-16106
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields...
CVE-2025-66291
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66291
OrangeHRM versions 5.0–5.7 expose confidential interview documents through an Authorization vulnerability in the Interview Attachment Retrieval endpoint of the Recruitment module. The endpoint serves files based solely on an authenticated session and user-supplied identifiers without verifying wh...
PT-2025-48369
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
EUVD-2025-60980
SAP S/4HANA landscape (SAP E-Recruiting BSP) allows an unauthenticated attacker to craft malicious links; when one is clicked, the victim could be redirected to a page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability...
EUVD-2019-6951
Malware in sbrugna...
EUVD-2019-6197
Malware in sbrugna...
EUVD-2019-6030
Malware in sbrugna...
CVE-2019-14932
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data...
CVE-2019-15129
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitmentonline/upload/user/userid/photo/filename URI...
Design/Logic Flaw
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields...
CVE-2019-16106
The CVE-2019-16106 entry affects the Recruitment module of Humanica Humatrix versions 7 1.0.0.203 and 1.0.0.681. An unauthenticated attacker can change a user’s password via the recruitment_online/personalData/act_acounttab.cfm parameters txtNewUserName and hdNP, enabling account compromise. The ...
CVE-2019-15130
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitmentonline/personalData/actpersonaltab.cfm multiple-part POST request with a predictable WRC01USERID...