Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/03/15 1:35 p.m.23 views

CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

9.8CVSS0.00735EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-25792

Malware in sbrugna...

7.5CVSS7.5AI score0.0053EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:2 a.m.8 views

CVE-2017-14680

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document...

7.5CVSS6.7AI score0.04327EPSS
Exploits5References1
OSV
OSV
added 2022/12/06 12:15 a.m.3 views

CVE-2021-39434

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...

7.5CVSS5.8AI score0.0053EPSS
Exploits0References1
NVD
NVD
added 2022/12/06 12:15 a.m.18 views

CVE-2021-39434

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...

7.5CVSS0.0053EPSS
Exploits0References1
Prion
Prion
added 2022/12/06 12:15 a.m.18 views

Default credentials

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...

5CVSS7.7AI score0.0053EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.7 views

CVE-2021-39434

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...

7.2AI score0.0053EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/12/05 12:0 a.m.77 views

ZKTeco ZKTime Web Detection

Detection of ZKTeco ZKTime Web. The script sends a connection request to the server and attempts to detect ZKTeco ZKTime Web and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2017/12/05 12:0 a.m.77 views

ZKTeco ZKTime Web Multiple Vulnerabilities

ZKTeco ZKTime Web is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zkteco:zktimeweb";...

8.8CVSS7.8AI score0.01238EPSS
Exploits6References4
0day.today
0day.today
added 2017/12/01 12:0 a.m.68 views

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting Vulnerability

ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site scripting vulnerability. 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Ye...

4.3CVSS6.3AI score0.01238EPSS
Exploits3
Prion
Prion
added 2017/09/26 2:29 p.m.14 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens...

6CVSS7.8AI score0.01079EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2017/09/26 2:0 p.m.72 views

CVE-2017-13129

CVE-2017-13129 affects ZKTime Web 2.0.1.12280 (ZKTeco) and is due to a CSRF vulnerability allowing remote authenticated users to hijack administrator actions to add admins, caused by lack of anti-CSRF tokens. Exploitation and in-the-wild details are present in connected sources; no official patch...

8CVSS7.7AI score0.01079EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2017/09/26 2:0 p.m.23 views

CVE-2017-13129

Cross-site request forgery CSRF vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens...

7.8AI score0.01079EPSS
Exploits4References2
Rows per page
Query Builder