32 matches found
EUVD-2024-17440
Malicious code in bioql PyPI...
ZKTeco ZKBio Time Detection
Binary data zktecozkbiotimedetect.nbin...
CVE-2024-22988
ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp...
CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-35428
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS...
CVE-2024-35433
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user...
CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-11049
CVE-2024-11049 affects ZKTeco ZKBio Time 9.0.1, specifically the Image File Handler component and an unknown function of the file path /auth_files/photo/. The issue allows remote-triggered manipulation of a direct request, with attack complexity rated as HIGH and no required privileges, but no us...
ZKTeco ZKBio Time 安全漏洞
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...
PT-2024-16723 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth files/photo/. This issue leads to direct request manipulatio...
ZKTeco ZKBio WDMS 安全漏洞
ZKTeco ZKBio WDMS is a web-based data system from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio WDMS version v.5.1.3, which stems from a cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary code and gain access to sensitive information via...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-6344
The CVE-2024-6344 issue affects ZKTeco ZKBio CVSecurity V5000, version 4.1.0, in the Push Configuration Section where modifying the Configuration Name enables cross-site scripting. Attacks are described as remotely initiable. Remediation per sources is to upgrade to ZKBio CVSecurity V6600 6.1.3_R...
CVE-2024-35429
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord...
CVE-2024-35431
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1...
CVE-2024-35429
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord...
CVE-2024-35433
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user...