Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
Unknown
CVE-2017-17992
Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
0
Attacker Value
Unknown
CVE-2017-17991
Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
0
Attacker Value
Unknown
CVE-2017-17994
Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
0
Attacker Value
Unknown
CVE-2017-17995
Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
0
Attacker Value
Unknown
CVE-2017-17989
Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
0
Attacker Value
Unknown
CVE-2017-17993
Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
0
Attacker Value
Unknown
CVE-2017-17990
Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
0
Attacker Value
Unknown
CVE-2017-17876
Disclosure Date: December 27, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
0
Attacker Value
Unknown
CVE-2014-10009
Disclosure Date: January 13, 2015 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
0
Attacker Value
Unknown
CVE-2014-10008
Disclosure Date: January 13, 2015 (last updated October 05, 2023)
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.
0
