CVE-2024-24257
- EPSS 0.21%
- Published 26.07.2024 17:15:11
- Last modified 21.11.2024 08:59:04
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.
CVE-2017-17056
- EPSS 0.18%
- Published 04.12.2017 14:29:00
- Last modified 20.04.2025 01:37:25
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 par...
CVE-2017-17057
- EPSS 0.23%
- Published 04.12.2017 14:29:00
- Last modified 20.04.2025 01:37:25
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execu...
- EPSS 0.16%
- Published 26.09.2017 14:29:00
- Last modified 20.04.2025 01:37:25
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
CVE-2017-14680
- EPSS 10.12%
- Published 21.09.2017 23:29:00
- Last modified 20.04.2025 01:37:25
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.