CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5595 – ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. Existe una vulnerabilidad de divulgación e inclusión de archivos en web/views/file.php en ZoneMinder de 1.x hasta la versión v1.30.0 debido a que la entrada de usuario no filtrada se pasa a readfile(), lo que permite a un atacante autenticado leer archivos del sistema local (por ejemplo, /Etc/passwd) en el contexto del usuario del servidor web (www-data). • http://seclists.org/bugtraq/2017/Feb/6 http://seclists.org/fulldisclosure/2017/Feb/11 http://www.securityfocus.com/bid/96125 https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-5368 – ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-5368
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). ZoneMinder v1.30 y v1.29, una aplicación web de servidor de CCTV de código abierto, es vulnerable a CSRF (Cross Site Request Forgery), lo que permite a un ataque remoto realizar cambios en la aplicación web como la víctima registrada actual. Si la víctima visita una página web maliciosa, el atacante puede crear de forma silenciosa y automática un nuevo usuario admin dentro de la aplicación web para la persistencia remota y otros ataques. • http://seclists.org/bugtraq/2017/Feb/6 http://seclists.org/fulldisclosure/2017/Feb/11 http://www.securityfocus.com/bid/96126 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10140 – ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-10140
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. La vulnerabilidad de desvío de autenticación y divulgación de información existe en la configuración del servidor HTTP de Apache incluida con ZoneMinder v1.30 y v1.29, que permite a un atacante remoto no autenticado explorar todos los directorios de la raíz web, por ejemplo, un atacante remoto no autenticado puede ver todas las imágenes CCTV en el servidor a través de la URI /events. Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities. • https://github.com/asaotomo/CVE-2016-10140-Zoneminder-Poc http://seclists.org/bugtraq/2017/Feb/6 http://seclists.org/fulldisclosure/2017/Feb/11 http://www.securityfocus.com/bid/96849 https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba https://github.com/ZoneMinder/ZoneMinder/pull/1697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 64%CPEs: 6EXPL: 3CVE-2013-0232 – ZoneMinder Video Server - packageControl Command Execution
https://notcve.org/view.php?id=CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. includes/functions.php en ZoneMinder Video Server 1v.24.0, v1.25.0, y anteriores permite a atacantes remotos ejecutar comandos arbitarios mediante una shell de metacaracteres en el parámetro (1) "runState" de la función "packageControl", o los parámetros (2) "key" o (3) "command" en la función "setDeviceStatusX10". • https://www.exploit-db.com/exploits/24310 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910 http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability http://www.debian.org/security/2013/dsa-2640 http://www.exploit-db.com/exploits/24310 http://www.openwall.com/lists/oss-security/2013/01/28/2 http://www.osvdb.org/89529 http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771 •
CVSS: 5.0EPSS: 7%CPEs: 4EXPL: 2CVE-2013-0332 – ZoneMinder 1.24.3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. Múltiples vulnerabilidades de salto de directorio en ZoneMinder v1.24.x anterior a v1.24.4 permite a atacantes remotos leer ficheros de su elección a través de un .. (punto punto) en los parámetros (1) "view", (2) "request", o (3) "action". • https://www.exploit-db.com/exploits/17593 https://www.exploit-db.com/exploits/24310 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912 http://www.debian.org/security/2013/dsa-2640 http://www.openwall.com/lists/oss-security/2013/02/21/8 http://www.openwall.com/lists/oss-security/2013/02/21/9 http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979 http://www.zoneminder.com/wiki/index.php/Change_History • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •