30 matches found
EUVD-2016-10815
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to...
EUVD-2016-10807
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...
CVE-2016-20030
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to...
ZKTeco ZKBioSecurity 安全漏洞
ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco in China. Version 3.0 of ZKTeco ZKBioSecurity contains a security vulnerability. This vulnerability stems from improper handling of file paths, which may allow attackers to access arbitrary files by modifying file paths...
ZKTeco ZKBioSecurity 跨站请求伪造漏洞
ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to trick users into accessing...
CVE-2016-20030
CVE-2016-20030 affects ZKTeco ZKBioSecurity 3.0. The vulnerability is a user enumeration flaw in the authLoginAction!login.do endpoint that allows unauthenticated attackers to determine valid usernames by submitting partial usernames. Attack responses reveal username validity, enabling attackers ...
CVE-2016-20029
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
CVE-2016-20028 ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028 ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028
CVE-2016-20028 affects ZKTeco ZKBioSecurity 3.0. The issue is a Cross-Site Request Forgery (CSRF) that lets an attacker cause administrative actions by coaxing an authenticated user to visit a malicious page. Attacks can craft HTTP requests that add superadmin accounts without validity checks, po...
CVE-2016-20027
ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in...
CVE-2016-20026 ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...
CVE-2016-20026
CVE-2016-20026 affects ZKTeco ZKBioSecurity 3.0. The vulnerability stems from hardcoded credentials in the bundled Apache Tomcat server (tomcat-users.xml), which allow unauthenticated access to the manager application and enable uploading malicious WAR archives that execute arbitrary JSP code wit...
PT-2026-25726
Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0 Description The software contains a cross-site request forgery issue that allows attackers to perform administrative actions by deceiving authenticated users into visiting malicious websites. Specifically,...
PT-2026-25727
Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0 Description The software contains a file path manipulation issue that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameter...
EUVD-2022-39337
Malicious code in bioql PyPI...
CVE-2022-36634
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5r allows attackers to arbitrarily create admin users via a crafted HTTP request...
ZKTeco ZKBioSecurity Code Injection Vulnerability
ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBioSecurity version 4.1.0, which stems from an incorrect operation of the parameter Schedule Name that can lead to cross-site scripting...
ZKTeco ZKBioSecurity Code Injection Vulnerability
ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBioSecurity version 4.1.0, which stems from an incorrect operation of the parameter Department Name that can lead to cross-site scripting...
ZKTeco ZKBioSecurity Security Vulnerabilities
ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBioSecurity version 6.1.1 that originates from a vulnerability that allows an authenticated user to bypass password checks while exporting data from the application...