Lucene search
K

110 matches found

Positive Technologies
Positive Technologies
added 2024/02/23 12:0 a.m.6 views

PT-2024-19634 · Zkteco · Zkteco Zkbio Wdms

Name of the Vulnerable Software and Affected Versions: zkteco zkbio WDMS version 8.0.5 Description: An issue in the software allows an attacker to execute arbitrary code via the "/files/backup/" component. Recommendations: For zkteco zkbio WDMS version 8.0.5, consider restricting access to the...

9.8CVSS7.2AI score0.00815EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/02/23 12:0 a.m.5 views

ZKTeco ZKBio WDMS Security Vulnerability

ZKTeco ZKBio WDMS is a web-based data system from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio WDMS version v.8.0.5. An attacker can exploit this vulnerability to execute arbitrary code via the /files/backup/ component...

9.8CVSS7.7AI score0.00815EPSS
Exploits0References5
CVE
CVE
added 2024/02/23 12:0 a.m.3866 views

CVE-2024-22988

CVE-2024-22988 – ZKTeco ZKBio WDMS : Affects ZKBio WDMS prior to 9.0.2 Build 20250526. The vulnerability allows an attacker to download a database backup via the /files/backup/ component because the backup filename is based on a predictable timestamp, enabling unauthorized access to backups. Red ...

9.8CVSS9.3AI score0.00815EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/02/23 12:0 a.m.26 views

CVE-2024-22988

ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp...

7.7AI score0.00815EPSS
Exploits0References4
OSV
OSV
added 2024/02/21 6:15 p.m.6 views

CVE-2024-1706

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

5.4CVSS4.2AI score0.00433EPSS
Exploits0References6
Prion
Prion
added 2024/02/21 6:15 p.m.19 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input hi leads to cross site scripting. The attack may be launch...

4CVSS6.3AI score0.00433EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/21 6:0 p.m.22 views

CVE-2024-1706 ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

5.1CVSS4AI score0.00433EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/02/21 6:0 p.m.13 views

CVE-2024-1706 ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

5.1CVSS3.7AI score0.00433EPSS
Exploits0References6
CVE
CVE
added 2024/02/21 6:0 p.m.58 views

CVE-2024-1706

CVE-2024-1706 affects ZKTeco ZKBio Access IVS up to 3.3.2, specifically the Department Name Search Bar component. The vulnerability is an input-based cross-site scripting (XSS) issue that can be exploited remotely; exploitation requires user interaction. Public disclosures exist. The vendor notes...

5.4CVSS3.7AI score0.00433EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.7 views

PT-2024-18239 · Zkteco · Zkbio Access Ivs

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Access IVS versions up to 3.3.2 Description: A problematic issue has been found in the Department Name Search Bar component, allowing for cross-site scripting through the manipulation of input, such as hi. This can be exploited...

5.4CVSS6.6AI score0.00433EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.4 views

ZKTeco ZKBio Time Security Vulnerability

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from China-based ZKTeco. Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance A security vulnerability exists in versions 13.0 through 16.0.1, which stems from an SQL injection...

9.8CVSS7.9AI score0.00786EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/08/07 12:0 a.m.8 views

The vulnerability of the web platform used for creating ZKBio Access lVS control and access management systems stems from insufficient protection of sensitive data. This allows a malicious actor to gain unauthorized access to the protected information.

The vulnerability of the web platform used for creating ZKBio Access lVS access control and management systems is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.5CVSS7.2AI score0.00498EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/07 12:0 a.m.7 views

The vulnerability in the web platform used for creating ZKBio Access lVS control and access management systems stems from errors in processing the relative path to the catalog. This allows a hacker to gain access to and read arbitrary files.

The vulnerability of the web platform used for creating ZKBio Access lVS access control and management systems is related to errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain read access to arbitrary files...

7.8CVSS7.3AI score0.00603EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/08/03 11:15 p.m.6 views

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...

7.5CVSS5.9AI score0.8488EPSS
Exploits3References5
NVD
NVD
added 2022/12/09 3:15 p.m.16 views

CVE-2022-44213

ZKTeco Xiamen Information Technology ZKBio ECO ADMS =3.1-164 is vulnerable to Cross Site Scripting XSS...

4.8CVSS0.00409EPSS
Exploits1References1
OSV
OSV
added 2022/12/09 3:15 p.m.5 views

CVE-2022-44213

ZKTeco Xiamen Information Technology ZKBio ECO ADMS =3.1-164 is vulnerable to Cross Site Scripting XSS...

4.8CVSS5.8AI score0.00409EPSS
Exploits1References1
Prion
Prion
added 2022/12/09 3:15 p.m.15 views

Cross site scripting

ZKTeco Xiamen Information Technology ZKBio ECO ADMS =3.1-164 is vulnerable to Cross Site Scripting XSS...

4.3CVSS5AI score0.00409EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/09 12:0 a.m.3 views

PT-2022-27144 · Zkbio · Zkbio Eco Adms

Name of the Vulnerable Software and Affected Versions: ZKBio ECO ADMS versions 3.1-164 and earlier Description: The issue is related to Cross Site Scripting XSS, which is a type of security vulnerability that can be exploited by attackers to inject malicious scripts into websites or web...

4.8CVSS4.9AI score0.00409EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/09 12:0 a.m.4 views

ZKTeco ZKBio Time 跨站脚本漏洞

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time prior to version 3.1-164, which originates from a vulnerability that allows users to embed malicious code in the Web UI...

4.8CVSS5.3AI score0.00409EPSS
Exploits1References2
CVE
CVE
added 2022/12/09 12:0 a.m.70 views

CVE-2022-44213

ZKTeco Xiamen/ZKBio ECO ADMS before 3.1-164 is vulnerable to Cross-Site Scripting (XSS) in the Web UI (CVE-2022-44213). Affected: ZKBio ECO ADMS, versions ≤ 3.1-164. Root cause: unsanitized input in the UI. Impact per CVSS is low/low confidentiality and integrity, no availability impact. Remediat...

4.8CVSS5AI score0.00409EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder