31 matches found
EUVD-2016-10819
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
EUVD-2016-10805
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
CVE-2016-20032
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20025
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
ZKTeco ZKAccess Professional 安全漏洞
ZKTeco ZKAccess Professional is an access control software developed by ZKTeco Technology ZKTeco in China. Version 3.5.3 of ZKTeco ZKAccess Professional contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow verified users to elevate their...
ZKTeco ZKAccess Security System 跨站脚本漏洞
ZKTeco ZKAccess Security System is an access control and security management system developed by ZKTeco Technology. Version 5.3.1 of ZKTeco ZKAccess Security System contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of the holidayname and memo POST...
CVE-2016-20032
The CVE-2016-20032 issue affects ZKTeco ZKAccess Security System version 5.3.1. A stored cross-site scripting vulnerability exists in which input supplied to the holiday_name and memo POST parameters is not properly sanitized, allowing an attacker to inject HTML/script that can be executed in a u...
CVE-2016-20032 ZKTeco ZKAccess Security System 5.3.1 Stored XSS
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20032 ZKTeco ZKAccess Security System 5.3.1 Stored XSS
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20032
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20025 ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
CVE-2016-20025
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
CVE-2016-20025 ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
CVE-2016-20025
CVE-2016-20025 affects ZKTeco ZKAccess Professional 3.5.3. The issue is an insecure file-permissions vulnerability where the Modify permission granted to the Authenticated Users group lets authenticated users replace executable binaries, enabling privilege escalation. Documented impact includes p...
PT-2026-25665
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...
Directory Traversal Vulnerability in ZKAccess 5.0 Access Control System
ZKAccess 5.0 Access Control System is an access control management software. A directory traversal vulnerability exists in ZKAccess5.0 Access Control Management System. An attacker can exploit the vulnerability to disclose sensitive information such as website accounts...
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
Summary ZKAccess 3.5 is a desktop software which is suitable for small and medium businesses application. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance report. The brand new flat GUI design and humanized...
ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability
Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...
ZKTeco ZKAccess Security System 5.3.1 - stored XSS
Application description ZKAccess systems are built on flexible, open technology to provide management, real-time monitoring and control of your access control changes, access via a browser,without the need to install additional software. Security infrastructure devices centralized management,...
ZKTeco ZKAccess Professional 3.5.3 File Elevation of Privilege Vulnerability
ZKTeco ZKAccess Professional is an access control system. ZKTeco ZKAccess Professional 3.5.3 File Elevation of Privilege Vulnerability, which occurs due to incorrect privileges of an authenticated user with the 'M' flag...