1264 matches found
[SECURITY] [DSA 2640-1] zoneminder security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2640-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 14, 2013 http://www.debian.org/security/faq -...
CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...
Command injection
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
Directory traversal
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...
DEBIAN-CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...
CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...
UBUNTU-CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
DEBIAN-CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...
CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...
CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...
CVE-2013-0332
ZoneMinder 1.24.x before 1.24.4 is affected by multiple directory traversal vulnerabilities that allow remote attackers to read arbitrary files via .. in the view, request, or action parameters. This root cause is a local/file access flaw in the handling of user-supplied paths, enabling file expo...
CVE-2013-0232
ZoneMinder Video Server contains a remote command execution vulnerability (CVE-2013-0232) in includes/functions.php affecting 1.24.0, 1.25.0 and earlier. The runState parameter in packageControl and key/command in setDeviceStatusX10 allow shell metacharacters to execute arbitrary commands, compro...
Debian DSA-2640-1 : zoneminder - several issues
Multiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-0232 Brendan Coles discovered that zoneminder is prone to an arbitrary command execution...
[SECURITY] [DSA 2640-1] zoneminder security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2640-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 14, 2013 http://www.debian.org/security/faq -...