17 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-44564

Malicious code in bioql PyPI...

CVSS 4.6 · AI score 6.8 · EPSS 0.00436
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-44566

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.8 · EPSS 0.00781
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/21 1:32 p.m. · 21 views

CVE-2023-3943 Multiple buffer overflow in ZkTeco-based OEM devices

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects...

CVSS 10 · AI score 7.8 · EPSS 0.00957
Exploits: 0 · References: 1

Cvelist
added 2024/05/21 10:20 a.m. · 24 views

CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0...

CVSS 10 · AI score 9.7 · EPSS 0.00924
Exploits: 0 · References: 1

CVE
added 2024/05/21 10:15 a.m. · 59 views

CVE-2023-3940

CVE-2023-3940 involves a Relative Path Traversal affecting ZkTeco-based OEM devices (notably ZAM170-NF-1.8.25-7354-Ver1.0.0 on ProFace X and related Smartec models). Connected sources describe path traversal in relative path handling that can allow an attacker to access arbitrary files on the dev...

CVSS 7.5 · AI score 7 · EPSS 0.00781
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/21 10:15 a.m. · 15 views

CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...

CVSS 7.5 · AI score 7.1 · EPSS 0.00781
Exploits: 0 · References: 1

NVD
added 2024/05/21 10:15 a.m. · 19 views

CVE-2023-3939

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVSS 10 · AI score 9.9 · EPSS 0.01335
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/21 9:45 a.m. · 19 views

CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVSS 10 · AI score 7.3 · EPSS 0.01335
Exploits: 0 · References: 1

Cvelist
added 2024/05/21 9:45 a.m. · 20 views

CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVSS 10 · AI score 9.9 · EPSS 0.01335
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/21 9:32 a.m. · 25 views

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...

CVSS 4.6 · AI score 7.7 · EPSS 0.00436
Exploits: 0 · References: 1

Cvelist
added 2024/05/21 9:32 a.m. · 24 views

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...

CVSS 4.6 · AI score 5.3 · EPSS 0.00436
Exploits: 0 · References: 1

CNNVD
added 2024/05/21 12:0 a.m. · 3 views

ZkTeco OEM SQL injection vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM suffers from a SQL injection vulnerability that arises from an improper neutralization of special elements used in SQL commands, allowing an attacker to impersonate another user or perform unauthorized actions. The...

CVSS 7.5 · AI score 7.8 · EPSS 0.00586
Exploits: 0 · References: 2

CNNVD
added 2024/05/21 12:0 a.m. · 1 view

ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME, ZAM170-NF-1.8.25-7354-Ver1.0.0 SQL injection vulnerability

ZkTeco OEM is an intelligent system from ZkTeco China. A SQL injection vulnerability exists in ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME, and ZAM170-NF-1.8.25-7354-Ver1.0.0 versions, which stems from the lack of certain protection mechanisms and allows an attacker to execute arbitrar...

CVSS 10 · AI score 8.6 · EPSS 0.00957
Exploits: 0 · References: 2

CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM SQL injection vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM suffers from a SQL injection vulnerability that stems from incorrect neutralization of special elements used in SQL commands, allowing an attacker to authenticate under any user in the device database. The following...

CVSS 4.6 · AI score 8 · EPSS 0.00436
Exploits: 0 · References: 2

CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM path traversal vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. A path traversal vulnerability exists in ZkTeco OEM that originates from allowing an attacker to write to any file on the system with root privileges. The following products and versions are affected: ZkTeco ProFace X, Smartec...

CVSS 10 · AI score 7.1 · EPSS 0.00924
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/21 12:0 a.m. · 4 views

PT-2024-4482 · Smartec +1 · Smartec St-Fr041Me +2

Name of the Vulnerable Software and Affected Versions: ZkTeco-based OEM devices version ZAM170-NF-1.8.25-7354-Ver1.0.0 Description: The issue is related to an OS Command Injection vulnerability, which allows for the execution of arbitrary commands. This vulnerability affects ZkTeco-based OEM...

CVSS 10 · AI score 7.9 · EPSS 0.01335
Exploits: 0 · References: 13

CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM path traversal vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM suffers from a path traversal vulnerability that originates from allowing an attacker to access any file on the system. The following products and versions are affected: ZkTeco ProFace X, Smartec ST-FR043, Smartec...

CVSS 7.5 · AI score 6.8 · EPSS 0.00781
Exploits: 0 · References: 2