CVE-2023-38949 - Unauthenticated Admin Password Reset Vulnerability in ZKTeco BioTime v8.5.5
A critical security vulnerability has been discovered in the widely used workforce management tool, ZKTeco BioTime v8.5.5. The hidden API within the product
CVE-2023-38950: ZKTeco BioTime v8.5.5 Path Traversal Vulnerability Exploitation Details and Remediation Steps
A newly discovered path traversal vulnerability, documented as CVE-2023-38950, targets the iclock API of ZKTeco BioTime v8.5.5. When exploited, this vulnerability allows unauthenticated
CVE-2022-38803 - Zkteco BioTime 8.5.3 Vulnerability Exploit: Incorrect Access Control and XSS in PDF Generator
CVE-2022-38803 is a critical security vulnerability found in Zkteco BioTime application, version 8.5.3 Build 20200816.447. This vulnerability allows an authenticated employee to
CVE-2022-38802: Zkteco BioTime < 8.5.3 Build:20200816.447 Incorrect Access Control Exploit
Zkteco BioTime, a popular biometric attendance system, has a critical security vulnerability in versions older than 8.5.3 Build:20200816.447 that allows an
CVE-2022-38801: Zkteco BioTime < 8.5.3 Build:20200816.447 employee session hijack and cookie theft via blind cross-site scripting vulnerability
Summary: In this long read post, we'll go over the exploit details of session hijacking and cookie theft by an employee for administrator
Episode
00:00:00
00:00:00