9 matches found
EUVD-2016-10805
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
ZKTeco ZKAccess Security System 跨站脚本漏洞
ZKTeco ZKAccess Security System is an access control and security management system developed by ZKTeco Technology. Version 5.3.1 of ZKTeco ZKAccess Security System contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of the holidayname and memo POST...
CVE-2016-20032
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20032 ZKTeco ZKAccess Security System 5.3.1 Stored XSS
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20032 ZKTeco ZKAccess Security System 5.3.1 Stored XSS
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20025 ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
ZKTeco ZKAccess Security System 5.3.1 - stored XSS
Application description ZKAccess systems are built on flexible, open technology to provide management, real-time monitoring and control of your access control changes, access via a browser,without the need to install additional software. Security infrastructure devices centralized management,...
ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability
Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
Exploit for jsp platform in category web applications !-- ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 5.3.12252 Summary: ZKAccess Systems ar...