Filtered by vendor Iwcnetwork
Subscribe
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17876 | 1 Iwcnetwork | 1 Shift | 2018-01-10 | 5.0 MEDIUM | 7.5 HIGH |
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | |||||
CVE-2017-17995 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | |||||
CVE-2017-17994 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | |||||
CVE-2017-17993 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | |||||
CVE-2017-17991 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | |||||
CVE-2017-17990 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | |||||
CVE-2017-17992 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 5.0 MEDIUM | 9.8 CRITICAL |
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | |||||
CVE-2017-17989 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. |