Lucene search
K

114 matches found

CVE
CVE
added 2020/08/14 7:22 p.m.83 views

CVE-2020-17474

CVE-2020-17474 concerns a token-reuse vulnerability affecting ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723. The connected documents confirm that a token reuse flaw can enable a remote attacker to submit crafted requests to create arbitrary new users, escalate privileges to ...

9.8CVSS9.2AI score0.01184EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/08/14 7:12 p.m.21 views

CVE-2020-17473

Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to obtain a long-lasting token by impersonating the server...

5.8AI score0.00745EPSS
Exploits0References1
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.30 views

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.40 views

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

7.6AI score
Exploits0
OpenVAS
OpenVAS
added 2016/10/06 12:0 a.m.60 views

ZKTeco ZKBioSecurity Multiple Vulnerabilities (Jul 2016)

ZKTeco ZKBioSecurity is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zkteco:zkbiosecurity";...

9.8CVSS5.8AI score0.0078EPSS
Exploits6References10
OpenVAS
OpenVAS
added 2016/10/06 12:0 a.m.21 views

ZKTeco ZKBioSecurity Detection (HTTP)

HTTP based detection of ZKTeco ZKBioSecurity. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0References1
seebug.org
seebug.org
added 2016/09/07 12:0 a.m.23 views

ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/09/05 12:0 a.m.9 views

ZKTeco ZKBioSecurity 3.0 - (visLogin. jsp) Local Authentication bypass

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/09/03 12:0 a.m.2 views

ZKTeco ZKBioSecurity 3.0 Local Privilege Bypass Vulnerability

ZKBioSecurity is a comprehensive management platform for biometric security. A local privilege bypass vulnerability exists in ZKTeco ZKBioSecurity 3.0, which is caused by the visLogin.jsp script processing login requests via the 'EnvironmentUtil.getClientIprequest' method, allowing an attacker to...

6.5AI score
Exploits0References1
CNVD
CNVD
added 2016/09/03 12:0 a.m.2 views

ZKTeco ZKBioSecurity 3.0 Directory Traversal Vulnerability

ZKBioSecurity is a comprehensive management platform for biometric security. A directory traversal vulnerability exists in ZKTeco ZKBioSecurity 3.0, which can be exploited by an attacker to obtain sensitive information by modifying a file path...

6.6AI score
Exploits0References1
CNVD
CNVD
added 2016/09/03 12:0 a.m.2 views

ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Vulnerability

ZKBioSecurity 3.0 is a smart security management platform. ZKTeco ZKBioSecurity 3.0 cross-site request forgery vulnerability can be exploited by an attacker to perform certain actions with administrator privileges...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2016/09/03 12:0 a.m.3 views

ZKTeco ZKBioSecurity 3.0 Hardcoded Certificate Remote System Command Execution Vulnerability

ZKBioSecurity is a comprehensive management platform for biometric security. The ZKTeco ZKBioSecurity 3.0 hard-coded credentials remote system command execution vulnerability arises because after credential validation, the application bundles a pre-configured Apache Tomcat server and user login...

8.2AI score
Exploits0References1
exploitpack
exploitpack
added 2016/08/31 12:0 a.m.34 views

ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass

ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/08/31 12:0 a.m.45 views

ZKTeco ZKBioSecurity 3.0 User Enumeration

!/usr/bin/env python ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2016/08/31 12:0 a.m.43 views

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

i? ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/08/31 12:0 a.m.45 views

ZKTeco ZKBioSecurity 3.0 visLogin.jsp Authorization Bypass

i? ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/08/31 12:0 a.m.30 views

ZKTeco ZKBioSecurity 3.0 Cross Site Scripting

i? ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator: 2.0.1.0R777...

Exploits0
Exploit DB
Exploit DB
added 2016/08/31 12:0 a.m.49 views

ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass

ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/08/31 12:0 a.m.54 views

ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)

!-- ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator: 2.0.1.0R777...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/08/31 12:0 a.m.39 views

ZKTeco ZKBioSecurity 3.0 File Path Manipulation

i? ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

0.1AI score
Exploits0
Rows per page
Query Builder