13 matches found
CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...
EUVD-2021-25792
Malware in sbrugna...
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document...
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
Default credentials
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
ZKTeco ZKTime Web Detection
Detection of ZKTeco ZKTime Web. The script sends a connection request to the server and attempts to detect ZKTeco ZKTime Web and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
ZKTeco ZKTime Web Multiple Vulnerabilities
ZKTeco ZKTime Web is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zkteco:zktimeweb";...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting Vulnerability
ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site scripting vulnerability. 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Ye...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens...
CVE-2017-13129
CVE-2017-13129 affects ZKTime Web 2.0.1.12280 (ZKTeco) and is due to a CSRF vulnerability allowing remote authenticated users to hijack administrator actions to add admins, caused by lack of anti-CSRF tokens. Exploitation and in-the-wild details are present in connected sources; no official patch...
CVE-2017-13129
Cross-site request forgery CSRF vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens...