29 matches found
Uniong WebITR SQL Injection Vulnerability
Uniong WebITR is an online time and attendance system from China Kaifa Uniong. Uniong WebITR has a SQL injection vulnerability that allows remote attackers to inject arbitrary SQL commands to read database contents...
Uniong WebITR Security Vulnerability
Uniong WebITR is an online time and attendance system from China Kaifa Uniong. Uniong WebITR has an authentication bypass vulnerability that allows remote attackers to log in as an arbitrary user by modifying specific parameters...
EUVD-2020-29360
Malware in sbrugna...
EUVD-2020-29362
Malware in sbrugna...
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance webTA affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator...
CVE-2020-8495
In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and...
Peplink Smart Reader OS Command Injection Vulnerability
Peplink Smart Reader is a smart reader from Peplink Inc. It is used for employee time and attendance. An operating system command injection vulnerability exists in Peplink Smart Reader v1.2.0 that could lead to...
ZKTeco BioTime Path Traversal Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A path traversal vulnerability exists in ZKTeco BioTime v8.5.5 that could allow an unauthenticated attacker to arbitrarily reset the administrator password via a crafted web request...
Synel Industries SYnergy Fingerprint Terminals OS Command Injection Vulnerability
Synel Industries SYnergy Fingerprint Terminals are a series of fingerprint recognition terminals from Synel Industries. These terminals are designed to provide an efficient employee time and attendance and access control solution that utilizes fingerprint recognition technology for fast and...
ZKTeco ZEM/ZMM 8.88 - Missing Authentication Vulnerability
Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...
CVE-2022-38802
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
ZKTeco ZEM/ZMM Web Interface Security Vulnerability
The ZKTeco ZEM/ZMM Web Interface is a web interface for time and attendance devices from the Chinese company ZKTeco. A security vulnerability exists in the ZKTeco ZEM/ZMM Web Interface that stems from a missing authentication issue...
ZKSecurity BIO 3.0.5.0_R Privilege Escalation
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...
NCH FlexiServer Path Traversal Vulnerability
NCH FlexiServer is a functional time and attendance software. NCH FlexiServer has a directory traversal vulnerability that originates from the product's failure to filter special characters in syslog?file=/... An attacker can use this vulnerability to obtain sensitive information...
SQL Injection Vulnerability in Dr.ID Access Control and Time Attendance System of ZTE Security Co.
Dr.ID Access Control & Time Attendance System is a system of ZTE Security Co. Dr.ID Access Control & Attendance System of ZTE Security Co. Ltd. suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Magic Point Access Control and Time Attendance has an override access vulnerability
Hangzhou Magic Point Technology Co., Ltd. is a technology-based enterprise combining artificial intelligence technology and industry applications, focusing on face recognition technology scenario-based applications and solutions. Magic Point Access Control Attendance has an override access...
SOCA Access Control System 180612 Information Disclosure
Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...
Weak Password Vulnerability in iClock Series Data Services of Zhongguancun Attendance Management System
Ltd. is the sales and service organization in Shanghai of the famous biometrics and RFID products provider, China Control Technology. A weak password vulnerability exists in the iClock series of data services of the Time and Attendance Management System TAMS, which can be exploited by attackers t...