22 matches found
CVE-2020-8494
In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the empid, userid, pw...
ZKteco iClock Information Disclosure Vulnerability
ZKTeco iClock is a biometric fingerprint reader for time and attendance and access control applications from ZKTeco, a Chinese company. An information disclosure vulnerability exists in ZKteco iClock version v3.1-168, which originates from the exposure of sensitive information to unauthorized use...
ZKTeco BioTime Password Reset Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...
SmartOffice Security Vulnerability
SmartOffice is a time and attendance solution from SmartOffice, Inc. A security vulnerability exists in SmartOffice Web version 20.28 and prior versions. An attacker could exploit the vulnerability to download sensitive information...
Synel Eharmonynew Cross-Site Scripting Vulnerability
Synel Eharmonynew is a time and attendance system from Synel Israel. A security vulnerability exists in Synel Eharmonynew. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...
The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite’s time and attendance system allows a perpetrator to execute arbitrary code.
The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite payroll and accounting system stems from improper neutralization of special elements in SQL queries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Unauthorized Access Vulnerability in web3.0 of Central Time Attendance Machine of Entropy Base Technology Co.
Entropy Base Technology Co., Ltd. is a national high-tech enterprise specializing in providing smart identity verification, smart entrance/exit management and smart office products and solutions with biometrics as the core technology. Entropy Base Technology Co., Ltd. china...
Weak Password Vulnerability in the web management platform of China Control Time & Attendance Machine
CCTC Intelligent Technology Co., Ltd. generally refers to Entropy Base Technology Co., Ltd. which is a globally recognized company with biometrics as its core technology. A weak password vulnerability exists in the web-based management platform of ZhongControl Time and Attendance Machine, which c...
Arbitrary File Download Vulnerability in Web Management Platform of Time Attendance Machine of China Control
CCTC Intelligent Technology Co., Ltd. generally refers to Entropy Base Technology Co., Ltd. which is a globally recognized company with biometrics as its core technology. An arbitrary file download vulnerability exists in the web management platform of ZhongControl Attendance Machine, which can b...
Cross site scripting
In Kronos Web Time and Attendance webTA 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator...
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance webTA affects 3.8.x and later 3.x versions before 4.0 via multiple input fields Login Message, Banner Message, and Password Instructions of the com.threeis.webta.H261configMenu servlet via an authenticated administrator...
CVE-2020-8493
CVE-2020-8493 describes a stored XSS vulnerability in Kronos Web Time and Attendance (webTA). The issue affects version 3.8.x and later 3.x before 4.0 via multiple input fields (Login Message, Banner Message, Password Instructions) of the servlet com.threeis.webta.H261configMenu when accessed by ...
CVE-2020-8494
In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the empid, userid, pw...
CVE-2020-8494
Kronos WebTA (webTA) 3.8.x and 3.x versions prior to 4.0 are affected by CVE-2020-8494 via the com.threeis.webta.H402editUser servlet, allowing a user with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges through parameters such as emp_id, useri...
CVE-2020-8496
CVE-2020-8496 affects Kronos Web Time and Attendance (webTA). A Stored XSS vulnerability exists in the /ApplicationBanner page triggered by the Application Banner input when the user is an authenticated administrator. The issue affects webTA 4.1.x and later 4.x versions up to, but not including, ...
CVE-2020-8496
In Kronos Web Time and Attendance webTA 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator...
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14...
FaceSentry Access Control System 6.4.8 - Remote SSH Root
FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorith...
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a revolutionar...
SOCA Access Control System 180612 - CSRF (Add Admin) Vulnerability
Exploit for php platform in category web applications SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximity and Fingerprint...