zktime web vulnerabilities and exploits
CVSSv2: 4.3
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitra...
Zkteco Zktime Web 2.0.1.12280
CVSSv2: 6
CVE-2017-13129
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit
CVSSv2: 6.8
CVE-2017-17056
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /acco...
Zkteco Zktime Web 2.0.1.12280
CVSSv2: 5
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote malicious users to obtain sensitive employee metadata via a direct request for a PDF document.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit