Tyler Butler

7 exploits, active since Jun 2021
CVE-2021-3441 NOMISEC MEDIUM SCANNER
HP OfficeJet 7110 Firmware >=2117a - Cross-Site Scripting
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).
2 stars
CVSS 4.8
CVE-2021-35956 NOMISEC MEDIUM WORKING POC
AKCP sensorProbe <SP480-20210624 - XSS
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
1 star
CVSS 5.4
CVE-2021-47967 EXPLOITDB MEDIUM text WORKING POC
PHP Timeclock 1.04 Multiple Cross-Site Scripting via Parameters
PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, or inject code through from_date and to_date parameters in report requests to execute scripts in user browsers.
CVSS 6.1
CVE-2021-47966 EXPLOITDB HIGH text WORKING POC
PHP Timeclock 1.04 SQL Injection via login.php
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allow unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE conditional statements to dump sensitive database information including employee names and credentials.
CVSS 8.2
CVE-2020-37005 EXPLOITDB HIGH python WORKING POC
TimeClock Software 1.01 - Authenticated SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
CVSS 7.1
CVE-2021-3441 EXPLOITDB MEDIUM python WORKING POC
HP OfficeJet 7110 Firmware >=2117a - Cross-Site Scripting
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).
CVSS 4.8
CVE-2021-35956 EXPLOITDB MEDIUM text WORKING POC
AKCP sensorProbe <SP480-20210624 - XSS
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
CVSS 5.4