CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5595 – ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. Existe una vulnerabilidad de divulgación e inclusión de archivos en web/views/file.php en ZoneMinder de 1.x hasta la versión v1.30.0 debido a que la entrada de usuario no filtrada se pasa a readfile(), lo que permite a un atacante autenticado leer archivos del sistema local (por ejemplo, /Etc/passwd) en el contexto del usuario del servidor web (www-data). • http://seclists.org/bugtraq/2017/Feb/6 http://seclists.org/fulldisclosure/2017/Feb/11 http://www.securityfocus.com/bid/96125 https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 64%CPEs: 6EXPL: 3CVE-2013-0232 – ZoneMinder Video Server - packageControl Command Execution
https://notcve.org/view.php?id=CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. includes/functions.php en ZoneMinder Video Server 1v.24.0, v1.25.0, y anteriores permite a atacantes remotos ejecutar comandos arbitarios mediante una shell de metacaracteres en el parámetro (1) "runState" de la función "packageControl", o los parámetros (2) "key" o (3) "command" en la función "setDeviceStatusX10". • https://www.exploit-db.com/exploits/24310 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910 http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability http://www.debian.org/security/2013/dsa-2640 http://www.exploit-db.com/exploits/24310 http://www.openwall.com/lists/oss-security/2013/01/28/2 http://www.osvdb.org/89529 http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771 •
CVSS: 5.0EPSS: 7%CPEs: 4EXPL: 2CVE-2013-0332 – ZoneMinder 1.24.3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. Múltiples vulnerabilidades de salto de directorio en ZoneMinder v1.24.x anterior a v1.24.4 permite a atacantes remotos leer ficheros de su elección a través de un .. (punto punto) en los parámetros (1) "view", (2) "request", o (3) "action". • https://www.exploit-db.com/exploits/17593 https://www.exploit-db.com/exploits/24310 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912 http://www.debian.org/security/2013/dsa-2640 http://www.openwall.com/lists/oss-security/2013/02/21/8 http://www.openwall.com/lists/oss-security/2013/02/21/9 http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979 http://www.zoneminder.com/wiki/index.php/Change_History • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •