Page 14 of 82 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de formato en una solicitud de registro de descarga a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. Vulnerabilidad de inyección SQL en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro limit en una solicitud de consulta de registro a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. Vulnerabilidad de reparación de sesión en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos secuestrar sesiones web a través de la cookie ZMSESSID. • http://www.openwall.com/lists/oss-security/2017/02/05/1 http://www.securityfocus.com/bid/97116 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-384: Session Fixation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la ruta info a index.php. • http://www.openwall.com/lists/oss-security/2017/02/05/1 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. Vulnerabilidad de CSRF en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que cambian contraseñas y posiblemente tener otro impacto no especificado como se demuestra por una solicitud de acción de usuario a index.php manipulada. • http://www.openwall.com/lists/oss-security/2017/02/05/1 http://www.securityfocus.com/bid/97114 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt • CWE-352: Cross-Site Request Forgery (CSRF) •