27 matches found
EUVD-2023-44564
Malicious code in bioql PyPI...
EUVD-2023-44567
Malicious code in bioql PyPI...
EUVD-2023-44569
Malicious code in bioql PyPI...
EUVD-2023-44566
Malicious code in bioql PyPI...
CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...
CVE-2023-3940
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...
CVE-2023-3943
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects...
CVE-2023-3943
The CVE-2023-3943 entry describes a stack-based buffer overflow affecting ZkTeco-based OEM devices (e.g., ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME, and potentially others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 (and similar versions). The root cause is failure to implement pro...
CVE-2023-3943 Multiple buffer overflow in ZkTeco-based OEM devices
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects...
CVE-2023-3943 Multiple buffer overflow in ZkTeco-based OEM devices
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects...
CVE-2023-3942
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the...
CVE-2023-3942 Multiple SQLi in ZkTeco-based OEM devices
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the...
CVE-2023-3942
CVE-2023-3942 is a documented SQL injection in ZKTeco-based OEM devices, caused by improper neutralization of SQL elements. Affected products include ZKTeco ProFace X and Smartec ST-FR043/ST-FR041ME, with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and related Standalone service 2.1.6-20200907, per m...
CVE-2023-3942 Multiple SQLi in ZkTeco-based OEM devices
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the...
CVE-2023-3940
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...
CVE-2023-3941
CVE-2023-3941 describes a Relative Path Traversal vulnerability in ZkTeco-based OEM devices (including ZkTeco ProFace X and Smartec ST-FR043/041ME) affecting firmware with version ZAM170-NF-1.8.25-7354-Ver1.0.0 (and possibly others). The flaw allows an attacker to write arbitrary files on the dev...
CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0...
CVE-2023-3940
CVE-2023-3940 involves a Relative Path Traversal affecting ZkTeco-based OEM devices (notably ZAM170-NF-1.8.25-7354-Ver1.0.0 on ProFace X and related Smartec models). Connected sources describe path traversal in relative path handling that can allow an attacker to access arbitrary files on the dev...
CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...
CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...