10 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-44564

Malicious code in bioql PyPI...

CVSS 4.6, AI score 6.8, EPSS 0.00136
Exploits 0, References 1

Vulnrichment
added 2024/05/21 1:32 p.m., 19 views

CVE-2023-3943 Multiple buffer overflow in ZkTeco-based OEM devices

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects...

CVSS 10, AI score 7.8, EPSS 0.00589
Exploits 0, References 1

Cvelist
added 2024/05/21 10:20 a.m., 16 views

CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0...

CVSS 10, AI score 9.7, EPSS 0.00504
Exploits 0, References 1

Vulnrichment
added 2024/05/21 10:15 a.m., 15 views

CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...

CVSS 7.5, AI score 7.1, EPSS 0.00483
Exploits 0, References 1

CVE
added 2024/05/21 10:15 a.m., 56 views

CVE-2023-3940

CVE-2023-3940 involves a Relative Path Traversal affecting ZkTeco-based OEM devices (notably ZAM170-NF-1.8.25-7354-Ver1.0.0 on ProFace X and related Smartec models). Connected sources describe path traversal in relative path handling that can allow an attacker to access arbitrary files on the dev...

CVSS 7.5, AI score 7, EPSS 0.00483
Exploits 0, References 1

NVD
added 2024/05/21 10:15 a.m., 16 views

CVE-2023-3939

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVSS 10, AI score 9.9, EPSS 0.01006
Exploits 0, References 1

Cvelist
added 2024/05/21 9:45 a.m., 16 views

CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVSS 10, AI score 9.9, EPSS 0.01006
Exploits 0, References 1

Vulnrichment
added 2024/05/21 9:32 a.m., 24 views

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...

CVSS 4.6, AI score 7.7, EPSS 0.00136
Exploits 0, References 1

Cvelist
added 2024/05/21 9:32 a.m., 19 views

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...

CVSS 4.6, AI score 5.3, EPSS 0.00136
Exploits 0, References 1

CVE
added 2020/08/04 1:5 a.m., 64 views

CVE-2020-5615

The CVE-2020-5615 entry concerns CSRF in Calendar01 free edition ver1.0.0 and Calendar02 free edition ver1.0.0 that can allow remote attackers to hijack administrator authentication via unspecified vectors. Public sources in the connected documents identify affected products as Calendar01 and Cal...

CVSS 8.8, AI score 9.2, EPSS 0.00142
Exploits 0, References 3, Affected Software 2