13 matches found
EUVD-2017-8224
Malware in sbrugna...
Cross site scripting
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
CVE-2017-17057
CVE-2017-17057: A reflected Cross-Site Scripting (XSS) in ZKTeco ZKTime Web 2.0.1.12280, specifically in the Department module's Range field of Personnel Advanced Query. The issue arises from insufficient filtration of user-supplied data, allowing remote attackers to inject arbitrary HTML/JavaSc...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery Vulnerability
Exploit for jsp platform in category web applications 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 ...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery
Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Cross Site Request Forgery Remote Exploitable: Yes CVE: CVE-2017-17056 2. Product description ZKTime Web 2.0 is a cutting edge...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting
Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Yes CVE: CVE-2017-17057 2. Overview There is a reflected XSS vulnerability in ZKTime Web. The...
ZKTeco ZKTime Web Cross Site Request Forgery (CVE-2017-13129)
A Cross Site Request Forgery vulnerability exists in ZKTime Web. The vulnerability is due to a lack of protection mechanisms in place to block any kind of forged requests. An unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...
CVE-2017-13129
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens...
Design/Logic Flaw
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document...
ZKTeco ZKTime Web 2.0.1.12280 Information Disclosure
Vulnerability Type: Broken Authentication Vendor of Product: ZKTeco Affected Product Code Base: ZKTime Web - 2.0.1.12280 Affected Component: ZK Time Web Interface Management. Attack Type: Local - Unauthenticated Impact: Information Disclosure ------------------------------------------ Product...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery
Vulnerability Type: Cross Site Request Forgery (CSRF) Vendor of Product: ZKTeco Affected Product Code Base: ZKTime Web - 2.0.1.12280 Affected Component: ZK Time Web Interface Management. Attack Type: Local - Authenticated Impact: Escalation of Privileges ------------------------------------------...