72 matches found
EUVD-2024-41354
Malicious code in bioql PyPI...
CVE-2024-45179
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for exampl...
CVE-2024-45172
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery CSRF attacks. The C-MOR web interface offers no protection against cross-site request forgery CSRF attacks...
CVE-2024-45176
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting XSS attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to...
CVE-2024-45175
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a...
CVE-2024-45171
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...
CVE-2024-45174
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...
CVE-2024-45170
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...
CVE-2024-45178
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, du...
CVE-2024-45173
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo...
CVE-2024-45177
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting XSS attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site...
CVE-2024-45179
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for exampl...
CVE-2024-45179
The CVE affects za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01. Root cause: insufficient input validation in the web interface enables OS command injection via HTTP POST data. Notable vulnerable components include generatesslreq.pml (allows low-privileged authenticated users to run...
CVE-2024-45179
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for exampl...
CVE-2024-45179
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for exampl...
C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection
Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Privilege Escalation
Advisory ID: SYSS-2024-027 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Improper Privilege Management CWE-269 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...
C-MOR Video Surveillance 5.2401 Path Traversal
Advisory ID: SYSS-2024-025 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Relative Path Traversal CWE-23 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...
C-MOR Video Surveillance 5.2401 Remote Shell Upload
Advisory ID: SYSS-2024-026 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Unrestricted Upload of File with Dangerous Type CWE-434 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Request Forgery
Advisory ID: SYSS-2024-022 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Cross-Site Request Forgery CWE-352 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2024-04-05...