ZKBioSecurity suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can…
The ZKBioSecurity solution suffers from use of hard-coded credentials. The application comes bundled with a pre-configured Apache Tomcat server and an exposed ‘manager’ application that after authenticating with the…
ZKAccess suffers from an elevation of privileges vulnerability that allows a simple authenticated user to replace the executable file with a binary of choice. The vulnerability…
ZKTime.Net suffers from an elevation of privileges vulnerability that allows a simple user to replace the executable file with a binary of choice. The vulnerability exist…
CactuShop version 7 suffers from a database disclosure vulnerability.
Joomla JSJobs component version 1.0.7.5 suffers from a remote SQL injection vulnerability.
Avira’s free antivirus package installers suffer from a DLL hijacking vulnerability.
PHP version 5.0.0 suffers from imap_mail(), hw_docbyanchor(), html_doc_file(), snmpset(), snmprealwalk(), snmpwalk(), fbird_[p]connect(), and snmpwalkoid() denial of service vulnerabilities.
CryptWare CryptoPro Secure Disk for BitLocker version 5.1.0.6474 suffers from flaws that allow a malicious party to attack the boot process and backdoor the system to steal login credentials, the…
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness.