110 matches found
PT-2024-19634 · Zkteco · Zkteco Zkbio Wdms
Name of the Vulnerable Software and Affected Versions: zkteco zkbio WDMS version 8.0.5 Description: An issue in the software allows an attacker to execute arbitrary code via the "/files/backup/" component. Recommendations: For zkteco zkbio WDMS version 8.0.5, consider restricting access to the...
ZKTeco ZKBio WDMS Security Vulnerability
ZKTeco ZKBio WDMS is a web-based data system from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio WDMS version v.8.0.5. An attacker can exploit this vulnerability to execute arbitrary code via the /files/backup/ component...
CVE-2024-22988
CVE-2024-22988 – ZKTeco ZKBio WDMS : Affects ZKBio WDMS prior to 9.0.2 Build 20250526. The vulnerability allows an attacker to download a database backup via the /files/backup/ component because the backup filename is based on a predictable timestamp, enabling unauthorized access to backups. Red ...
CVE-2024-22988
ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp...
CVE-2024-1706
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input hi leads to cross site scripting. The attack may be launch...
CVE-2024-1706 ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2024-1706 ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2024-1706
CVE-2024-1706 affects ZKTeco ZKBio Access IVS up to 3.3.2, specifically the Department Name Search Bar component. The vulnerability is an input-based cross-site scripting (XSS) issue that can be exploited remotely; exploitation requires user interaction. Public disclosures exist. The vendor notes...
PT-2024-18239 · Zkteco · Zkbio Access Ivs
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Access IVS versions up to 3.3.2 Description: A problematic issue has been found in the Department Name Search Bar component, allowing for cross-site scripting through the manipulation of input, such as hi. This can be exploited...
ZKTeco ZKBio Time Security Vulnerability
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from China-based ZKTeco. Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance A security vulnerability exists in versions 13.0 through 16.0.1, which stems from an SQL injection...
The vulnerability of the web platform used for creating ZKBio Access lVS control and access management systems stems from insufficient protection of sensitive data. This allows a malicious actor to gain unauthorized access to the protected information.
The vulnerability of the web platform used for creating ZKBio Access lVS access control and management systems is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability in the web platform used for creating ZKBio Access lVS control and access management systems stems from errors in processing the relative path to the catalog. This allows a hacker to gain access to and read arbitrary files.
The vulnerability of the web platform used for creating ZKBio Access lVS access control and management systems is related to errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain read access to arbitrary files...
CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...
CVE-2022-44213
ZKTeco Xiamen Information Technology ZKBio ECO ADMS =3.1-164 is vulnerable to Cross Site Scripting XSS...
CVE-2022-44213
ZKTeco Xiamen Information Technology ZKBio ECO ADMS =3.1-164 is vulnerable to Cross Site Scripting XSS...
Cross site scripting
ZKTeco Xiamen Information Technology ZKBio ECO ADMS =3.1-164 is vulnerable to Cross Site Scripting XSS...
PT-2022-27144 · Zkbio · Zkbio Eco Adms
Name of the Vulnerable Software and Affected Versions: ZKBio ECO ADMS versions 3.1-164 and earlier Description: The issue is related to Cross Site Scripting XSS, which is a type of security vulnerability that can be exploited by attackers to inject malicious scripts into websites or web...
ZKTeco ZKBio Time 跨站脚本漏洞
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time prior to version 3.1-164, which originates from a vulnerability that allows users to embed malicious code in the Web UI...
CVE-2022-44213
ZKTeco Xiamen/ZKBio ECO ADMS before 3.1-164 is vulnerable to Cross-Site Scripting (XSS) in the Web UI (CVE-2022-44213). Affected: ZKBio ECO ADMS, versions ≤ 3.1-164. Root cause: unsanitized input in the UI. Impact per CVSS is low/low confidentiality and integrity, no availability impact. Remediat...