EUVD-2024-35117

Malicious code in bioql PyPI...

ZKTeco BioAccess IVS Information Disclosure Vulnerability

ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An information disclosure vulnerability exists in ZKTeco BioAccess IVS, which can be exploited by an attacker to obtain sensitive information about all managed devices...

PT-2022-26740 · Unknown · Web-Based Student Clearance System

Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0 Description: A cross-site scripting XSS issue exists in the /admin/edit-admin.php endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

ZKSecurity BIO 3.0.5.0_R Privilege Escalation Vulnerability

ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...

ZKSecurity BIO 4.1.2 SQL Injection / Code Execution Vulnerabilities

ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurityV50004.1.2 Version Affected: 4.1.2 CVE: CVE-2022-36635 Vulnerability: SQL Injection with a plus: RCE CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton...

ZKSecurity BIO 3.0.5.0_R Privilege Escalation

ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...

ZKSecurity BIO 4.1.2 SQL Injection / Code Execution

ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurityV50004.1.2 Version Affected: 4.1.2 CVE: CVE-2022-36635 Vulnerability: SQL Injection with a plus: RCE CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton...

Suprema BioStar 2安全漏洞

Suprema BioStar 2 is a web-based biometric security smart lock platform from Suprema Korea. A security vulnerability exists in Suprema BioStar 2 version v2.8.16, which can be exploited by an attacker to elevate privileges to the system administrator via a crafted PUT request on the configuration...

ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass

ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform:...

ZKTeco ZKBioSecurity 3.0 File Path Manipulation

i? ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)

!-- ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator: 2.0.1.0R777...

ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

ManageEngine AssetExplorer Detection

The remote web server hosts ManageEngine AssetExplorer, a web-based asset management application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid63692; scriptversion"1.6";...