53 matches found
CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...
EUVD-2017-8223
Malware in sbrugna...
EUVD-2021-25792
Malware in sbrugna...
EUVD-2017-8224
Malware in sbrugna...
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document...
Logic Flaw Vulnerability in ZKTime Attendance Management System at Entropy Base Technology Co. Ltd.
Entropy Base Technology Co. Ltd. is a global provider of products and solutions based on "People, Vehicles and Things" access time and security management system. A logic flaw exists in the ZKTime Time and Attendance Management System of Entropy Base Technology, which can be exploited by attackers to obtain sensitive...
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
Default credentials
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
CVE-2021-39434
The CVE-2021-39434 entry concerns ZKTeco ZKTime versions 10.0 through 11.1.0 with a default administrator username/password. The root cause is the use of default credentials, enabling network access with admin rights and potentially exposing sensitive information. Documented impact is high confid...
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220...
PT-2022-10917 · Zkteco · Zktime
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKTime versions 10.0 through 11.1.0 Description: A default username and password for an administrator account was discovered. Recommendations: For ZKTeco ZKTime versions 10.0 through 11.1.0, consider changing the default administrator...
Unauthorized Access Vulnerability in ZKTime Web Software
ZKTime Web Software is a web-based service management system for ZKTime. An unauthorized access vulnerability exists in ZKTime Web Software, which an attacker can exploit to download, without authorization, a dat backup file containing sensitive database information...
Weak Password Vulnerability in ZKTime Attendance Management System
ZKTime Attendance Management System is an attendance software. ZKTime Attendance Management System suffers from a weak password vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...
ZKTeco ZKTime Web Multiple Vulnerabilities
ZKTeco ZKTime Web is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zkteco:zktimeweb";...
ZKTeco ZKTime Web Detection
Detection of ZKTeco ZKTime Web. The script sends a connection request to the server and attempts to detect ZKTeco ZKTime Web and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
CVE-2017-17056
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
Design/Logic Flaw
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...