1264 matches found
CVE-2016-10206
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php...
CVE-2016-10201
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php...
CVE-2016-10204
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php...
CVE-2016-10202
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php...
CVE-2016-10203
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor...
CVE-2016-10205
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie...
CVE-2016-10205
CVE-2016-10205 affects ZoneMinder 1.30 and earlier, enabling session fixation via the ZMSESSID cookie and allowing remote attackers to hijack web sessions. Multiple connected advisories confirm ZoneMinder 1.30.x and earlier are vulnerable, with CCSS/impact noted as high. Remediation is through ve...
CVE-2016-10202
CVE-2016-10202 is a cross-site scripting (XSS) vulnerability in ZoneMinder 1.30 and earlier, exploitable by remote attackers via the path info parameter to index.php. Connected sources confirm ZoneMinder versions affected and describe the underlying issue as unfiltered or injectable input leading...
CVE-2016-10206
CVE-2016-10206 is a CSRF vulnerability in ZoneMinder v1.30 and earlier that allows remote attackers to hijack user authentication via crafted requests to index.php (e.g., changing passwords). The Mageia advisory notes mitigations (ENABLE_CSRF_MAGIC) and updated configurations; no explicit exploit...
CVE-2016-10204
CVE-2016-10204 is a SQL injection vulnerability in ZoneMinder 1.30 and earlier, allowing remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. A concrete PoC exploit exists (CVE-2016-10204_Webshell) demonstrating manual exploitation and PH...
CVE-2016-10203
CVE-2016-10203 is an XSS in Zoneminder 1.30 and earlier. The vulnerability lets an attacker inject arbitrary web script or HTML via the name when creating a new monitor, potentially affecting users interacting with the web UI. Public entries repeatedly reference Zoneminder 1.30 and earlier as aff...
CVE-2016-10201
ZoneMinder 1.30 and earlier is affected by CVE-2016-10201, a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. The issue is confirmed across multiple vulnerability feeds (OSV/NVD) an...
Fedora 24 : zoneminder (2017-d5fb74cd2e)
Security fix for CVE-2017-5595. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 25 : zoneminder (2017-2bb174ae3c)
Security fix for CVE-2017-5595. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora Update for zoneminder FEDORA-2017-d5fb74cd2e
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for zoneminder FEDORA-2017-2bb174ae3c
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 24 Update: zoneminder-1.28.1-8.fc24
ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras you have attached to a Linux based machine. It is designed to run on kernels which support the Video For Linux (V4L) interface and has been tested...
[SECURITY] Fedora 25 Update: zoneminder-1.28.1-8.fc25
ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras you have attached to a Linux based machine. It is designed to run on kernels which support the Video For Linux (V4L) interface and has been tested...