CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10203
https://notcve.org/view.php?id=CVE-2016-10203
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre al crear un nuevo monitor. • http://www.openwall.com/lists/oss-security/2017/02/05/1 http://www.securityfocus.com/bid/97122 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10201
https://notcve.org/view.php?id=CVE-2016-10201
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de formato en una solicitud de registro de descarga a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10204
https://notcve.org/view.php?id=CVE-2016-10204
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. Vulnerabilidad de inyección SQL en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro limit en una solicitud de consulta de registro a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10205
https://notcve.org/view.php?id=CVE-2016-10205
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. Vulnerabilidad de reparación de sesión en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos secuestrar sesiones web a través de la cookie ZMSESSID. • http://www.openwall.com/lists/oss-security/2017/02/05/1 http://www.securityfocus.com/bid/97116 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10202
https://notcve.org/view.php?id=CVE-2016-10202
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la ruta info a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •