1264 matches found
DEBIAN-CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...
CVE-2017-5368
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery), which allows a remote attacker to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and...
CVE-2017-5367
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...
CVE-2017-5595
CVE-2017-5595 affects ZoneMinder 1.x up to v1.30.0, enabling an authenticated attacker to read local files (e.g., /etc/passwd) via web/views/file.php due to unfiltered input passed to readfile(); the attack uses a .. in the path parameter zm/index.php?view=file&path=. Connected advisories confirm...
CVE-2017-5368
CVE-2017-5368 affects ZoneMinder v1.30/v1.29 and is caused by CSRF in /zm/index.php that can silently create a new admin user when a logged-in victim visits a malicious page, enabling remote persistence. Connected documents confirm the issue alongside other vulnerabilities in ZoneMinder 1.x and r...
CVE-2017-5367
CVE-2017-5367 corresponds to multiple reflected XSS vulnerabilities in ZoneMinder (versions 1.30 and 1.29) where parameters in /zm/index.php can be manipulated to execute scripts in an authenticated user’s browser. Affected components include various query parameters (e.g., action, view, filter, ...
ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
========================================================================== Product: ZoneMinder Versions: Multiple versions - see inline Vulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure CVE-IDs: CVE-2017-5595, CVE-2017-5367, CVE-2017-5368, CVE-2016-10140 Author: John...
ZoneMinder < 1.30.2 Multiple Vulnerabilities - Active Check
ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...
ZoneMinder - Multiple Vulnerabilities
Exploit for php platform in category web applications ========================================================================== Product: ZoneMinder Versions: Multiple versions - see inline Vulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure CVE-IDs: CVE-2017-5595,...
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities...
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability...
Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No...
Zoneminder 1.29 / 1.30 Multiple Vulnerabilities
Zoneminder versions 1.29 and 1.30 suffer from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities. Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type...