
22 matches found

RedhatCVE
added 2025/02/05 1:20 p.m. | 15 views

CVE-2020-8494

In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw...

8.8 CVSS | 6.9 AI score | 0.01107 EPSS
Exploits 5 | References 1
CNNVD
added 2024/10/06 12:0 a.m. | 5 views

ZKteco iClock Information Disclosure Vulnerability

ZKTeco iClock is a biometric fingerprint reader for time and attendance and access control applications from ZKTeco, a Chinese company. An information disclosure vulnerability exists in ZKteco iClock version v3.1-168, which originates from the exposure of sensitive information to unauthorized use...

4.3 CVSS | 6.1 AI score | 0.00282 EPSS
Exploits 0 | References 2
CNVD
added 2023/08/07 12:0 a.m. | 45 views

ZKTeco BioTime Password Reset Vulnerability

ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...

7.5 CVSS | 6.8 AI score | 0.00355 EPSS
Exploits 0 | References 1
CNNVD
added 2023/02/28 12:0 a.m. | 6 views

SmartOffice Security Vulnerability

SmartOffice is a time and attendance solution from SmartOffice, Inc. A security vulnerability exists in SmartOffice Web version 20.28 and prior versions. An attacker could exploit the vulnerability to download sensitive information...

7.5 CVSS | 7.3 AI score | 0.59407 EPSS
Exploits 5 | References 6
CNNVD
added 2022/09/13 12:0 a.m. | 3 views

Synel Eharmonynew Cross-Site Scripting Vulnerability

Synel Eharmonynew is a time and attendance system from Synel Israel. A security vulnerability exists in Synel Eharmonynew. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...

6.5 CVSS | 5.5 AI score | 0.00363 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2021/11/10 12:0 a.m. | 6 views

The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite’s time and attendance system allows a perpetrator to execute arbitrary code.

The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite payroll and accounting system is related to errors during the elimination of special elements in SQL queries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS | 8.5 AI score | 0.73269 EPSS
Exploits 3 | References 4 | Affected Software 1
CNVD
added 2021/07/02 12:0 a.m. | 15 views

Unauthorized Access Vulnerability in web3.0 of Central Time Attendance Machine of Entropy Base Technology Co.

Entropy Base Technology Co., Ltd. is a national high-tech enterprise specializing in providing smart identity verification, smart entrance/exit management and smart office products and solutions with biometrics as the core technology. Entropy Base Technology Co., Ltd. china...

6.8 AI score
Exploits 0
CNVD
added 2021/06/23 12:0 a.m. | 13 views

Weak Password Vulnerability in the web management platform of China Control Time & Attendance Machine

CCTC Intelligent Technology Co., Ltd. generally refers to Entropy Base Technology Co., Ltd. which is a globally recognized company with biometrics as its core technology. A weak password vulnerability exists in the web-based management platform of ZhongControl Time and Attendance Machine, which c...

7 AI score
Exploits 0
CNVD
added 2021/06/23 12:0 a.m. | 12 views

Arbitrary File Download Vulnerability in Web Management Platform of Time Attendance Machine of China Control

CCTC Intelligent Technology Co., Ltd. generally refers to Entropy Base Technology Co., Ltd. which is a globally recognized company with biometrics as its core technology. An arbitrary file download vulnerability exists in the web management platform of ZhongControl Attendance Machine, which can b...

7 AI score
Exploits 0
Prion
added 2020/01/30 10:15 p.m. | 16 views

Cross site scripting

In Kronos Web Time and Attendance webTA 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator...

3.5 CVSS | 4.8 AI score | 0.00548 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2020/01/30 9:18 p.m. | 13 views

CVE-2020-8493

A stored XSS vulnerability in Kronos Web Time and Attendance webTA affects 3.8.x and later 3.x versions before 4.0 via multiple input fields Login Message, Banner Message, and Password Instructions of the com.threeis.webta.H261configMenu servlet via an authenticated administrator...

6.9 CVSS | 5.5 AI score | 0.01494 EPSS
Exploits 5 | References 3
CVE
added 2020/01/30 9:18 p.m. | 107 views

CVE-2020-8493

CVE-2020-8493 describes a stored XSS vulnerability in Kronos Web Time and Attendance (webTA). The issue affects version 3.8.x and later 3.x before 4.0 via multiple input fields (Login Message, Banner Message, Password Instructions) of the servlet com.threeis.webta.H261configMenu when accessed by ...

6.9 CVSS | 6 AI score | 0.01494 EPSS
Exploits 5 | References 3 | Affected Software 1
Cvelist
added 2020/01/30 9:18 p.m. | 44 views

CVE-2020-8494

In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw...

7.5 CVSS | 8.8 AI score | 0.01107 EPSS
Exploits 5 | References 2
CVE
added 2020/01/30 9:18 p.m. | 104 views

CVE-2020-8494

Kronos WebTA (webTA) 3.8.x and 3.x versions prior to 4.0 are affected by CVE-2020-8494 via the com.threeis.webta.H402editUser servlet, allowing a user with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges through parameters such as emp_id, useri...

8.8 CVSS | 8.7 AI score | 0.01107 EPSS
Exploits 5 | References 2 | Affected Software 1
CVE
added 2020/01/30 9:17 p.m. | 69 views

CVE-2020-8496

CVE-2020-8496 affects Kronos Web Time and Attendance (webTA). A Stored XSS vulnerability exists in the /ApplicationBanner page triggered by the Application Banner input when the user is an authenticated administrator. The issue affects webTA 4.1.x and later 4.x versions up to, but not including, ...

6.9 CVSS | 4.8 AI score | 0.00548 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2020/01/30 9:17 p.m. | 19 views

CVE-2020-8496

In Kronos Web Time and Attendance webTA 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator...

6.9 CVSS | 4.9 AI score | 0.00548 EPSS
Exploits 1 | References 2
Exploit DB
added 2019/07/01 12:0 a.m. | 111 views

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

FaceSentry Access Control System 6.4.8 Remote Root Exploit. Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16, Firmware 5.7.2 build 568 Algorithm A14, Firmware 5.7.0 build 539 Algorithm A14...

7.4 AI score
Exploits 0
Exploit DB
added 2019/07/01 12:0 a.m. | 152 views

FaceSentry Access Control System 6.4.8 - Remote SSH Root

FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit. Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16, Firmware 5.7.2 build 568 Algorithm A14, Firmware 5.7.0 build 539 Algorith...

7.8 CVSS | 7.8 AI score | 0.0117 EPSS
Exploits 12
Exploit DB
added 2019/07/01 12:0 a.m. | 115 views

FaceSentry Access Control System 6.4.8 - Remote Command Injection

FaceSentry Access Control System 6.4.8 Remote Command Injection. Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16, Firmware 5.7.2 build 568 Algorithm A14, Firmware 5.7.0 build 539 Algorithm A14. Summary: FaceSentry 5AN is a revolutionar...

7 AI score
Exploits 0
0day.today
added 2019/05/13 12:0 a.m. | 82 views

SOCA Access Control System 180612 - CSRF (Add Admin) Vulnerability

Exploit for php platform in category web applications. SOCA Access Control System 180612 CSRF Add Admin Exploit. Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007. Summary: The company's products include Proximity and Fingerprint...

7.1 AI score
Exploits 0