Lucene search
K

4 matches found

NVD
NVD
added 2017/12/04 2:29 p.m.30 views

CVE-2017-17056

The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...

8.8CVSS8.7AI score0.00741EPSS
Exploits3References2
CVE
CVE
added 2017/12/04 2:0 p.m.54 views

CVE-2017-17056

The CVE-2017-17056 entry concerns ZKTime Web Software 2.0.1.12280. The vulnerability is a Cross-Site Request Forgery (CSRF) in the Modify Password component’s password_change() function, reachable via old_password/new_password1/new_password2 to /accounts/password_change/. An attacker can craft a ...

8.8CVSS8.7AI score0.00741EPSS
Exploits3References2Affected Software1
0day.today
0day.today
added 2017/12/01 12:0 a.m.86 views

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery Vulnerability

Exploit for jsp platform in category web applications 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 ...

6.8CVSS8.9AI score0.00741EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/11/30 12:0 a.m.76 views

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery

Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 2. Product description ZKTime Web 2.0 is a cutting edge...

0.2AI score0.00741EPSS
Exploits3
Rows per page
Query Builder