Posts

ZKTeco BioTime Missing Authentication

During a recent penetration test, I stumbled upon an instance of the ZKTeco BioTime web application. This application was linked to a time punch clock taking pictures of employees. The management can then analyse these pictures through the web application or an app. Through some directory fuzzing, I …

Tangro BWF Multiple Vulnerabilities

Product: Tangro BWF; Vendor: tangro software components GmbH (Heidelberg, Germany); Tested Version: 1.17.5; Fixed Version: 1.18.1; Mitigation: Update to version >= 1.18.1. Adding Attachments to Arbitrary Workitem: Vulnerability Type: Insecure Direct Object Reference; CVSSv3 Severity: …

ActFax Local Privilege Escalation

ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow Full Control to Everyone. …