Page 13 of 81 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. ZoneMinder, en versiones iguales o anteriores a la 1.32.2, contiene una vulnerabilidad desconocida en el parámetro controlado por el usuario que puede resultar en la divulgación de datos confidenciales, una denegación de servicio (DoS), Server-Side Request Forgery (SSRF) o la ejecución remota de código. • https://0dd.zone/2018/10/28/zoneminder-Object-Injection-2 https://github.com/ZoneMinder/zoneminder/issues/2272 • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. Se descubrió un Cross-Site Scripting (XSS) en ZoneMinder en versiones anteriores a la 1.30.2. La vulnerabilidad existe por el filtrado insuficiente de los datos proporcionados por el usuario (postLoginQuery) pasados a la URL "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php". • http://www.securityfocus.com/bid/97001 https://github.com/ZoneMinder/ZoneMinder/issues/1797 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre al crear un nuevo monitor. • http://www.openwall.com/lists/oss-security/2017/02/05/1 http://www.securityfocus.com/bid/97122 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de formato en una solicitud de registro de descarga a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. Vulnerabilidad de inyección SQL en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro limit en una solicitud de consulta de registro a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •