22 matches found
EUVD-2023-42714
Malicious code in bioql PyPI...
EUVD-2023-42716
Malicious code in bioql PyPI...
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability...
CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload...
CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...
ZKTeco BioAccess IVS Cross-Site Scripting Vulnerability
ZKTeco BioAccess IVS is a lite web-based security platform from China-based ZKTeco. A cross-site scripting vulnerability exists in ZKTeco BioAccess IVS 3.3.2 and earlier versions, which stems from cross-site scripting in the component Department Name Search Bar...
ZKTeco BioAccess IVS Path Traversal Vulnerability
ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. A path traversal vulnerability exists in ZKTeco BioAccess IVS v3.3.1, which stems from the program's failure to properly filter special elements in the path of a resource or file, and can be exploited by an attacker to...
ZKTeco BioAccess IVS Access Control Error Vulnerability
ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An Access Control Error vulnerability exists in ZKTeco BioAccess IVS v3.3.1, which arises from improper access control and can be exploited by an attacker to arbitrarily close and open the door to the platform...
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability...
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names...
Sql injection
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability...
Path traversal
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload...
CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload...
CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability...
CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...
CVE-2023-38954
CVE-2023-38954 affects ZKTeco BioAccess IVS v3.3.1. The root cause is improper protection of the SQL query structure, enabling a SQL injection that could be exploited remotely. Documented impact is high (as per CVSS evaluation). There is no publicly documented patch in the provided sources; as a ...
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 is affected by an information-disclosure vulnerability. Unauthenticated attackers can obtain sensitive details of all managed devices (IPs, device names) due to insufficient protection of service data on the web platform. The issue is documented in CVE-2023-38955 with ...
CVE-2023-38958
The CVE-2023-38958 entry describes an access control flaw in ZKTeco BioAccess IVS v3.3.1. An unauthenticated attacker can remotely close and open doors managed by the platform by sending a crafted web request. Root cause cited across sources is improper access control. Affected component: BioAcce...
ZKTeco BioAccess IVS 安全漏洞
ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An Access Control Error vulnerability exists in ZKTeco BioAccess IVS v3.3.1, which arises from improper access control and can be exploited by an attacker to arbitrarily close and open the door to the platform...