Skip to content

Instantly share code, notes, and snippets.

View hamoshwani's full-sized avatar

Ahmad kamaran hamoshwani

View GitHub Profile
@hamoshwani
hamoshwani / CVE-2022-38803
Created September 27, 2022 19:28
Employee can exploit XSS into local file read using PDF generator in Zkteco Biotime
Security Advisory
Topic: Employee can exploit XSS into local file read using PDF generator in Zkteco Biotime
Category: Zkteco Biotime
Module: webgui
Announced: 01-09-2022
Credits: Ahmed Kameran From https://technobase.krd/ -- https://twitter.com/hamoshwani
CVE ID: CVE-2022-38803
Affects: BioTime - < 8.5.3 Build:20200816.447
@hamoshwani
hamoshwani / CVE-2022-38802
Last active January 25, 2023 05:21
Administrator can exploit XSS into local file read using PDF generator in Zkteco Biotime
Security Advisory
Topic: Administrator can exploit XSS into local file read using PDF generator in Zkteco Biotime
Category: Zkteco Biotime
Module: webgui
Announced: 01-09-2022
Credits: Ahmed Kameran From https://technobase.krd/ -- https://twitter.com/hamoshwani
CVE ID: CVE-2022-38802
Affects: BioTime - < 8.5.3 Build:20200816.447
@hamoshwani
hamoshwani / CVE-2022-38801
Last active September 27, 2022 19:19
Employee can hijack an administrator session and cookies using blind cross-site scripting in Zkteco Biotime
Security Advisory
Topic: Employee can hijack an administrator session and cookies using blind cross-site scripting in Zkteco Biotime
Category: Zkteco Biotime
Module: webgui
Announced: 01-09-2022
Credits: Ahmed Kameran From https://technobase.krd/ -- https://twitter.com/hamoshwani
CVE ID: CVE-2022-38801
Affects: BioTime - < 8.5.3 Build:20200816.447