Sinvr 3 Video Server Security Vulnerabilities - 2020

CVE-2019-19290

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control CenterServer (CCS) contains a path traversal vulnerabilitythat could allow an authenticated remote attacker to access and downloadarbitrary files ...

CVE-2019-19291

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintainlog files that store login credentials in cleartext.In con...

CVE-2019-19292

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injectionvulnerability in its XML-based communication protocol as provided by defaulton ports 5444/tcp and 5440/tcp.An authenticated remote attacker could e...

CVE-2019-19293

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains areflected Cross-site Scripting (XSS) vulnerabilitythat could allow an unauthenticated remote attacker to steal sensitive dataor execute admin...

CVE-2019-19294

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) containsmultiple stored Cross-site Scripting (XSS) vulnerabilities in several inputfields.This could allow an authenticated remote attacker to inject m...

CVE-2019-19295

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging ofsecurity-relevant activities in its XML-based communication protocolas provided by default on ports 5444/tcp and 5440/tcp.An authenticated remote...

CVE-2019-19296

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR VideoServer contain a path traversal vulnerabilitythat could allow an authenticated remote attacker to access and downloadarbitrary...

CVE-2019-19297

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Servercontains a path traversal vulnerability, that could allow anunauthenticated remote attacker to access and download arbitrary files...