Show filters
8 Total Results
Displaying 1-8 of 8
Sort by:
Attacker Value
Unknown

CVE-2017-17992

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
0
0
Attacker Value
Unknown

CVE-2017-17994

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
0
0
Attacker Value
Unknown

CVE-2017-17991

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
0
0
Attacker Value
Unknown

CVE-2017-17995

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
0
0
Attacker Value
Unknown

CVE-2017-17989

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
0
0
Attacker Value
Unknown

CVE-2017-17993

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
0
0
Attacker Value
Unknown

CVE-2017-17990

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
0
0
Attacker Value
Unknown

CVE-2017-17876

Disclosure Date: December 27, 2017 (last updated November 26, 2024)
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
0
0