ZoneMinder Video Server packageControl Command Execution (CVE-2013-0232)

A code execution vulnerability has been reported in ZoneMinder. The vulnerability is due to flaw in the index.php script that is triggered when user supplied input used in the /includes/actions.php file is passed from the 'runeState' parameter to the 'packageControl, which calls exec with user...

CVE-2013-0232

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...

Command injection

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...

DEBIAN-CVE-2013-0232

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...

CVE-2013-0232

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...

ZoneMinder Video Server - packageControl Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'ZoneMinder Video...