
1264 matches found

OSV
added 2017/02/06 5:59 p.m. | 2 views

DEBIAN-CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...

CVSS 5.5 | AI score 6.3 | EPSS 0.00434
Exploits: 2 | References: 1
Cvelist
added 2017/02/06 5:0 p.m. | 28 views

CVE-2017-5368

ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and...

AI score 8.6 | EPSS 0.01052
Exploits: 3 | References: 3
Cvelist
added 2017/02/06 5:0 p.m. | 32 views

CVE-2017-5367

Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...

AI score 6.9 | EPSS 0.01996
Exploits: 3 | References: 3
Cvelist
added 2017/02/06 5:0 p.m. | 31 views

CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...

AI score 5.3 | EPSS 0.00434
Exploits: 2 | References: 4
Debian CVE
added 2017/02/06 5:0 p.m. | 30 views

CVE-2017-5368

ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and...

CVSS 8.8 | AI score 4.3 | EPSS 0.01052
Exploits: 3
Debian CVE
added 2017/02/06 5:0 p.m. | 24 views

CVE-2017-5367

Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...

CVSS 6.1 | AI score 5 | EPSS 0.01996
Exploits: 3
Debian CVE
added 2017/02/06 5:0 p.m. | 41 views

CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...

CVSS 5.5 | AI score 3 | EPSS 0.00434
Exploits: 2
AlpineLinux
added 2017/02/06 5:0 p.m. | 40 views

CVE-2017-5367

Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...

CVSS 6.1 | AI score 6.7 | EPSS 0.01996
Exploits: 3
AlpineLinux
added 2017/02/06 5:0 p.m. | 46 views

CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...

CVSS 5.5 | AI score 5.5 | EPSS 0.00434
Exploits: 2
AlpineLinux
added 2017/02/06 5:0 p.m. | 51 views

CVE-2017-5368

ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and...

CVSS 8.8 | AI score 8.6 | EPSS 0.01052
Exploits: 3
CVE
added 2017/02/06 5:0 p.m. | 101 views

CVE-2017-5595

CVE-2017-5595 affects ZoneMinder 1.x up to v1.30.0, enabling an authenticated attacker to read local files (e.g., /etc/passwd) via web/views/file.php due to unfiltered input passed to readfile(); the attack uses a .. in the path parameter zm/index.php?view=file&path=. Connected advisories confirm...

CVSS 5.5 | AI score 5.2 | EPSS 0.00434
Exploits: 2 | References: 4 | Affected Software: 1
CVE
added 2017/02/06 5:0 p.m. | 91 views

CVE-2017-5368

CVE-2017-5368 affects ZoneMinder v1.30/v1.29 and is caused by CSRF in /zm/index.php that can silently create a new admin user when a logged-in victim visits a malicious page, enabling remote persistence. Connected documents confirm the issue alongside other vulnerabilities in ZoneMinder 1.x and r...

CVSS 8.8 | AI score 8.4 | EPSS 0.01052
Exploits: 3 | References: 3 | Affected Software: 1
CVE
added 2017/02/06 5:0 p.m. | 100 views

CVE-2017-5367

CVE-2017-5367 corresponds to multiple reflected XSS vulnerabilities in ZoneMinder (versions 1.30 and 1.29) where parameters in /zm/index.php can be manipulated to execute scripts in an authenticated user’s browser. Affected components include various query parameters (e.g., action, view, filter, ...

CVSS 6.1 | AI score 6.4 | EPSS 0.01996
Exploits: 3 | References: 3 | Affected Software: 1
Packet Storm
added 2017/02/06 12:0 a.m. | 922 views

ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass

========================================================================== Product: ZoneMinder Versions: Multiple versions - see inline Vulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure CVE-IDs: CVE-2017-5595, CVE-2017-5367, CVE-2017-5368, CVE-2016-10140 Author: John...

AI score 0.6 | EPSS 0.06739
Exploits: 4
OpenVAS
added 2017/02/06 12:0 a.m. | 45 views

ZoneMinder < 1.30.2 Multiple Vulnerabilities - Active Check

ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...

CVSS 8.8 | AI score 6.5 | EPSS 0.01996
Exploits: 4 | References: 1
0day.today
added 2017/02/05 12:0 a.m. | 92 views

ZoneMinder - Multiple Vulnerabilities

Exploit for php platform in category web applications ========================================================================== Product: ZoneMinder Versions: Multiple versions - see inline Vulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure CVE-IDs: CVE-2017-5595,...

CVSS 6.8 | AI score 6.5 | EPSS 0.06739
Exploits: 4
exploitpack
added 2017/02/03 12:0 a.m. | 24 views

Zoneminder 1.291.30 - Cross-Site Scripting SQL Injection Session Fixation Cross-Site Request Forgery

Zoneminder 1.291.30 - Cross-Site Scripting SQL Injection Session Fixation Cross-Site Request Forgery Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities...

AI score 8.3
Exploits: 0
Exploit DB
added 2017/02/03 12:0 a.m. | 48 views

Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery

Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability...

AI score 7.4
Exploits: 0
Packet Storm
added 2017/02/02 12:0 a.m. | 48 views

Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No...

AI score 0.3
Exploits: 0
0day.today
added 2017/02/02 12:0 a.m. | 31 views

Zoneminder 1.29 / 1.30 Multiple Vulnerabilities

Zoneminder versions 1.29 and 1.30 suffer from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities. Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type...

AI score 8.1
Exploits: 0