1830 matches found
CVE-2017-17989
The vulnerability described for CVE-2017-17989 affects the Biometric Shift Employee Management System. The issue is a Cross-Site Scripting (XSS) flaw that can be triggered via the index.php holiday_name parameter in the edit_holiday action. According to the available data, this is the scope, with...
CVE-2017-17994
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competencycriteria request...
CVE-2017-17995
Biometric Shift Employee Management System is affected by a stored/reflected XSS via the Last_Name parameter in the index.php?user=ajax request. The issue, reported across multiple sources (NVD/CNVD/CVELIST, etc.), is caused by improper sanitization of user-supplied input leading to script inject...
CVE-2017-17993
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...
CVE-2017-17992
Biometric Shift Employee Management System is affected by CVE-2017-17992 due to a directory traversal vulnerability in the download_form action. The root cause is lack of validation in the index.php form_file_name parameter, enabling arbitrary file download. Public records note network exposure w...
CVE-2017-17994
Biometric Shift Employee Management System has an XSS vulnerability in the criteria parameter accessible via index.php?user=competency_criteria. The issue is a cross-site scripting flaw described in CNVD-2018-01396 and corroborated by related records, allowing injected scripts to be executed in a...
Biometric Shift Employee Management System File Read Limit Bypass Vulnerability
Biometric Shift Employee Management System is an employee management system. A file read restriction bypass vulnerability exists in Biometric Shift Employee Management System 3.0. A remote attacker can bypass the expected file read restriction via a user=download request with pathname in the path...
CVE-2017-17876
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...
Design/Logic Flaw
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...
Biometric Shift Employee Management System 3.0 - Local File Disclosure Vulnerability
Exploit for php platform in category web applications. Exploit Title: Biometric Shift Employee Management System 3.0 - Local File Download; Dork: N/A; Date: 24.12.2017; Vendor Homepage: https://www.shiftsystems.net/; Software Link:...
CVE-2017-17876
Biometric Shift Employee Management System 3.0 is affected. The vulnerability lets remote attackers bypass file-read restrictions via a user=download request with a pathname in the path parameter, enabling local file disclosure. This is corroborated by CNVD/NVD entries and Exploit-DB references (...
Biometric Shift Employee Management System 3.0 Local File Disclosure
Exploit Title: Biometric Shift Employee Management System 3.0 - Local File Download; Dork: N/A; Date: 24.12.2017; Vendor Homepage: https://www.shiftsystems.net/; Software Link: https://codecanyon.net/item/white-label-shift-employee-management-system/21061908; Version: 3.0; Category: Webapps; Tested on:...
Biometric Shift Employee Management System 3.0 - Local File Disclosure
Biometric Shift Employee Management System 3.0 - Local File Disclosure. Exploit Title: Biometric Shift Employee Management System 3.0 - Local File Download; Dork: N/A; Date: 24.12.2017; Vendor Homepage: https://www.shiftsystems.net/; Software Link:...
Biometric Shift Employee Management System 3.0 - Local File Disclosure
Exploit Title: Biometric Shift Employee Management System 3.0 - Local File Download; Dork: N/A; Date: 24.12.2017; Vendor Homepage: https://www.shiftsystems.net/; Software Link: https://codecanyon.net/item/white-label-shift-employee-management-system/21061908; Version: 3.0; Category: Webapps; Tested on:...
How to try to predict the output of Micali-Schnorr Generator (MS-DRBG) knowing the factorization. Part II
See also Part I and Part III of this series tl;dr In the previous article of the same series we tried to predict the output of Micali-Schnorr Generator MS-DRBG knowing the factorization. In this blog post we continue the effort started in part I showing different strategies. If you want to skip a...
CVE-2017-11402
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the...
PT-2018-5762 · Netapp +7 · Netapp Oncommand Shift +26
Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.8.11 and 2.9.4; debian linux affected versions not specified; fasterxml jackson-databind affected versions not specified; netapp oncommand balance affected versions not specified; netapp oncommand performance...
zlib: Undefined left shift of negative number
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers...