39 matches found
EUVD-2017-8223
Malware in sbrugna...
EUVD-2017-8224
Malware in sbrugna...
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document...
Unauthorized Access Vulnerability in ZKTime Web Software
ZKTime Web Software is a web-based service management system for ZKTime. An unauthorized access vulnerability exists in ZKTime Web Software, which an attacker can exploit to download, without authorization, a dat backup file containing sensitive database information...
ZKTeco ZKTime Web Multiple Vulnerabilities
ZKTeco ZKTime Web is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zkteco:zktimeweb";...
ZKTeco ZKTime Web Detection
Detection of ZKTeco ZKTime Web. The script sends a connection request to the server and attempts to detect ZKTeco ZKTime Web and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
CVE-2017-17056
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
Design/Logic Flaw
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...
Cross site scripting
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
CVE-2017-17056
The CVE-2017-17056 entry concerns ZKTime Web Software 2.0.1.12280. The vulnerability is a Cross-Site Request Forgery (CSRF) in the Modify Password component’s password_change() function, reachable via old_password/new_password1/new_password2 to /accounts/password_change/. An attacker can craft a ...
CVE-2017-17057
CVE-2017-17057 : A reflected Cross-Site Scripting (XSS) in ZKTeco ZKTime Web 2.0.1.12280, specifically in the Department module’s Range field of Personnel Advanced Query. The issue arises from insufficient filtration of user-supplied data, allowing remote attackers to inject arbitrary HTML/JavaSc...
ZKTeco ZKTime Web Personnel Advanced Query Department Module Cross-Site Scripting Vulnerability
ZKTeco ZKTime Web is a time and attendance management system from ZKTeco, Inc. The Department module in Personnel Advanced Query is one of the departmental personnel advanced query modules. A cross-site scripting vulnerability exists in the Range field of the Department module in Personnel Advance...
ZKTime Web Software Cross-Site Scripting Vulnerability
ZKTeco ZKTime Web Software is a time and attendance management system from ZKTeco, Inc. A cross-site scripting vulnerability exists in ZKTeco ZKTime Web Software version 2.0.1.12280. An attacker could exploit this vulnerability to elevate privileges to administrator privileges...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery Vulnerability
Exploit for jsp platform in category web applications 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 ...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting Vulnerability
ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site scripting vulnerability. 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Ye...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery
Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 2. Product description ZKTime Web 2.0 is a cutting edge...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting
Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Yes CVE: CVE-2017-17057 2. Overview There is a reflected XSS vulnerability in ZKTime Web. The...