Lucene search
K

131 matches found

Prion
Prion
added 2023/08/03 11:15 p.m.21 views

Path traversal

A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration...

7.5CVSS9.3AI score0.03197EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.7 views

ZKTeco BioTime Security Breach

ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime v8.5.5 that could allow an unauthenticated attacker to read sensitive backup files and access sensitive information such as user...

7.5CVSS6.4AI score0.02438EPSS
Exploits2References7
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.6 views

Zkteco BioTime Path Traversal Vulnerability

ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A path traversal vulnerability exists in ZKTeco BioTime version v8.5.5, which originates from a vulnerability that allows an unauthenticated attacker to read arbitrary files by providin...

7.5CVSS6.8AI score0.8488EPSS
Exploits3References7
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

ZKTeco BioTime 安全漏洞

ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...

7.5CVSS6.8AI score0.00355EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.19 views

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...

7.9AI score0.8488EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.17 views

CVE-2023-38952

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...

7.8AI score0.02438EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.14 views

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

7AI score0.00355EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.30 views

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...

7.6AI score0.8488EPSS
Exploits3References1
CVE
CVE
added 2023/08/03 12:0 a.m.122 views

CVE-2023-38951

CVE-2023-38951 affects ZKTeco BioTime versions 8.5.5 through 9.x prior to 9.0.1. A path traversal flaw in the /base/sftpsetting/ endpoint allows an authenticated attacker to create or overwrite arbitrary server files by abusing the Username field and insufficient input sanitization on the SSH Key...

9.8CVSS9.6AI score0.03197EPSS
Exploits2References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.20 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

9.6AI score0.03197EPSS
Exploits2References5
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.24 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

9.6AI score0.03197EPSS
Exploits2References5
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.19 views

CVE-2023-38952

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...

7.6AI score0.02438EPSS
Exploits2References3
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.13 views

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

7.8AI score0.00355EPSS
Exploits0References1
CVE
CVE
added 2023/08/03 12:0 a.m.2547 views

CVE-2023-38949

CVE-2023-38949 affects ZKTeco BioTime v8.5.5 via a hidden API in the web interface that can be abused by unauthenticated attackers to reset the Administrator password through a crafted request. The root cause is an exposed, unauthenticated password-reset pathway in the BioTime web platform; impac...

7.5CVSS7.5AI score0.00355EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/08/03 12:0 a.m.96 views

CVE-2023-38952

CVE-2023-38952 affects ZKTeco BioTime

7.5CVSS8.2AI score0.02438EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2023/08/03 12:0 a.m.2650 views

CVE-2023-38950

ZKTeco BioTime v8.5.5 is affected by a path traversal vulnerability in the iclock API that allows unauthenticated attackers to read arbitrary files by supplying a crafted payload. This is due to insufficient path validation in the iclock API parameter handling. The issue is fixed in ZKBioTime ver...

7.5CVSS7.9AI score0.8488EPSS
In wildExploits3References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.5 views

PT-2023-4123 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.5 Description: The issue is related to a hidden API in the ZKTeco BioTime platform, which allows unauthenticated attackers to reset the Administrator password via a crafted web request. This can be exploited by a...

9.4CVSS7.4AI score0.00355EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.2 views

PT-2023-4124

Name of the Vulnerable Software and Affected Versions ZKTeco BioTime version 8.5.5 Description The issue is related to insecure access control in the ZKTeco BioTime platform, which can be exploited by sending a specially crafted HTTP request. This allows an unauthenticated attacker to gain...

7.5CVSS8.6AI score0.02438EPSS
Exploits2References13
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.4 views

PT-2023-4121

Name of the Vulnerable Software and Affected Versions ZKTeco BioTime version 8.5.5 Description The issue is related to a path traversal vulnerability in the iclock API, which can be exploited by supplying a crafted payload, allowing unauthenticated attackers to read arbitrary files. This...

9.4CVSS7.6AI score0.8488EPSS
Exploits3References23
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.3 views

PT-2023-4122 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.5 Description: The issue is related to a path traversal vulnerability in the implementation of the SFTP protocol, which can be exploited by an attacker to write arbitrary files. This can be achieved by using a...

9.8CVSS9.2AI score0.03197EPSS
Exploits2References15
Rows per page
Query Builder