Sinvr 3 Video Server Security Vulnerabilities

CVE-2019-13947

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of theControl Center Server (CCS) transfers user passwords in clear to theclient (browser). An attacker with administrative privileges for the web interfac...

CVE-2019-18337

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypassvulnerability in its XML-based communication protocol as provided by defaulton ports 5444/tcp and 5440/tcp. A remote attacker with network ...

CVE-2019-18338

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversalvulnerability in its XML-based communication protocol as provided by defaulton ports 5444/tcp and 5440/tcp. An authenticated remote attacker w...

CVE-2019-18339

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Servercontains an authentication bypass vulnerability, even when properlyconfigured with enforced authentication. A remote attacker with netw...

CVE-2019-18340

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and th...

CVE-2019-18341

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server(CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server couldexploit this vulnerab...

CVE-2019-19290

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control CenterServer (CCS) contains a path traversal vulnerabilitythat could allow an authenticated remote attacker to access and downloadarbitrary files ...

CVE-2019-19291

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintainlog files that store login credentials in cleartext.In con...

CVE-2019-19292

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injectionvulnerability in its XML-based communication protocol as provided by defaulton ports 5444/tcp and 5440/tcp.An authenticated remote attacker could e...

CVE-2019-19293

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains areflected Cross-site Scripting (XSS) vulnerabilitythat could allow an unauthenticated remote attacker to steal sensitive dataor execute admin...

CVE-2019-19294

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) containsmultiple stored Cross-site Scripting (XSS) vulnerabilities in several inputfields.This could allow an authenticated remote attacker to inject m...

CVE-2019-19295

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging ofsecurity-relevant activities in its XML-based communication protocolas provided by default on ports 5444/tcp and 5440/tcp.An authenticated remote...

CVE-2019-19296

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR VideoServer contain a path traversal vulnerabilitythat could allow an authenticated remote attacker to access and downloadarbitrary...

CVE-2019-19297

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Servercontains a path traversal vulnerability, that could allow anunauthenticated remote attacker to access and download arbitrary files...