
7 matches found

Packet Storm
added 2022/10/25 12:0 a.m., 452 views

ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication

Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the database of employees and their credentials. Details ======= Product: ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM Affect...

0.5 AI score, 0.10877 EPSS
Exploits: 5
OSV
added 2022/08/22 3:15 p.m., 2 views

CVE-2022-2312

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 1
CNNVD
added 2022/08/22 12:0 a.m., 2 views

WordPress plugin Student Result or Employee Database Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS, 5.7 AI score, 0.00083 EPSS
Exploits: 2, References: 2
Patchstack
added 2022/08/01 12:0 a.m., 14 views

WordPress Student Result or Employee Database plugin <= 1.7.4 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Student Result or Employee Database plugin versions <= 1.7.4. Solution: Update the WordPress Student Result or Employee Database plugin to...

5.4 CVSS, 2.1 AI score, 0.00083 EPSS
Exploits: 2, References: 1, Affected Software: 1
wpexploit
added 2022/08/01 12:0 a.m., 124 views

Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF

The plugin does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting alert/XSS/'...

5.4 CVSS, 0.8 AI score, 0.00083 EPSS
Exploits: 2
Patchstack
added 2017/09/28 12:0 a.m., 18 views

WordPress Student Result or Employee Database plugin <=1.6.3 - Authorization Bypass vulnerability

Authorization Bypass vulnerability found by Lim Benjamin in WordPress Student Result or Employee Database plugin version 1.6.3 and earlier versions. Specific Google dork could find vulnerable websites. Some functions of the plugin do not check the authorization. Solution Update the WordPres...

3.4 AI score
Exploits: 0, References: 1, Affected Software: 1
ThreatPost
added 2009/11/18 3:42 p.m., 9 views

MassMutual Employee DB Hacked

MassMutual officials this week confirmed that one of its employee databases was accessed by an unauthorized person or persons, exposing an unknown number of employees’ personal data for a yet-to-be-determined amount of time. The Springfield, Mass.-based insurer said the compromised database was...

2.6 AI score
Exploits: 0, References: 2