131 matches found
Path traversal
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration...
ZKTeco BioTime Security Breach
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime v8.5.5 that could allow an unauthenticated attacker to read sensitive backup files and access sensitive information such as user...
Zkteco BioTime Path Traversal Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A path traversal vulnerability exists in ZKTeco BioTime version v8.5.5, which originates from a vulnerability that allows an unauthenticated attacker to read arbitrary files by providin...
ZKTeco BioTime 安全漏洞
ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...
CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...
CVE-2023-38952
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...
CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...
CVE-2023-38951
CVE-2023-38951 affects ZKTeco BioTime versions 8.5.5 through 9.x prior to 9.0.1. A path traversal flaw in the /base/sftpsetting/ endpoint allows an authenticated attacker to create or overwrite arbitrary server files by abusing the Username field and insufficient input sanitization on the SSH Key...
CVE-2023-38951
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...
CVE-2023-38951
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...
CVE-2023-38952
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...
CVE-2023-38949
CVE-2023-38949 affects ZKTeco BioTime v8.5.5 via a hidden API in the web interface that can be abused by unauthenticated attackers to reset the Administrator password through a crafted request. The root cause is an exposed, unauthenticated password-reset pathway in the BioTime web platform; impac...
CVE-2023-38952
CVE-2023-38952 affects ZKTeco BioTime
CVE-2023-38950
ZKTeco BioTime v8.5.5 is affected by a path traversal vulnerability in the iclock API that allows unauthenticated attackers to read arbitrary files by supplying a crafted payload. This is due to insufficient path validation in the iclock API parameter handling. The issue is fixed in ZKBioTime ver...
PT-2023-4123 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.5 Description: The issue is related to a hidden API in the ZKTeco BioTime platform, which allows unauthenticated attackers to reset the Administrator password via a crafted web request. This can be exploited by a...
PT-2023-4124
Name of the Vulnerable Software and Affected Versions ZKTeco BioTime version 8.5.5 Description The issue is related to insecure access control in the ZKTeco BioTime platform, which can be exploited by sending a specially crafted HTTP request. This allows an unauthenticated attacker to gain...
PT-2023-4121
Name of the Vulnerable Software and Affected Versions ZKTeco BioTime version 8.5.5 Description The issue is related to a path traversal vulnerability in the iclock API, which can be exploited by supplying a crafted payload, allowing unauthenticated attackers to read arbitrary files. This...
PT-2023-4122 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.5 Description: The issue is related to a path traversal vulnerability in the implementation of the SFTP protocol, which can be exploited by an attacker to write arbitrary files. This can be achieved by using a...