Lucene search
K

7 matches found

CVE
CVE
added 2024/10/09 12:0 a.m.58 views

CVE-2024-45179

The CVE affects za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01. Root cause: insufficient input validation in the web interface enables OS command injection via HTTP POST data. Notable vulnerable components include generatesslreq.pml (allows low-privileged authenticated users to run...

7.2CVSS7.9AI score0.02612EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2024/09/05 4:15 p.m.9 views

CVE-2024-45171

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...

8.8CVSS0.00921EPSS
Exploits2References3
NVD
NVD
added 2024/09/05 3:15 p.m.10 views

CVE-2024-45178

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, du...

7.1CVSS0.01267EPSS
Exploits2References3
Cvelist
Cvelist
added 2024/09/05 12:0 a.m.31 views

CVE-2024-45176

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting XSS attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to...

0.00942EPSS
Exploits2References2
NVD
NVD
added 2024/09/04 5:15 p.m.10 views

CVE-2024-45170

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...

8.1CVSS0.00648EPSS
Exploits2References3
CVE
CVE
added 2024/09/04 12:0 a.m.52 views

CVE-2024-45177

za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01 are vulnerable to persistent cross-site scripting via the web interface due to inadequate input validation. The PT Security advisory notes this can allow remote script injection. Remediation: apply the patch for 5.2401 and 6.00PL01; up...

5.4CVSS6AI score0.00773EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/04 12:0 a.m.8 views

CVE-2024-45172

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery CSRF attacks. The C-MOR web interface offers no protection against cross-site request forgery CSRF attacks...

7AI score0.0037EPSS
Exploits2References2
Rows per page
Query Builder