CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-5368 – ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-5368
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). ZoneMinder v1.30 y v1.29, una aplicación web de servidor de CCTV de código abierto, es vulnerable a CSRF (Cross Site Request Forgery), lo que permite a un ataque remoto realizar cambios en la aplicación web como la víctima registrada actual. Si la víctima visita una página web maliciosa, el atacante puede crear de forma silenciosa y automática un nuevo usuario admin dentro de la aplicación web para la persistencia remota y otros ataques. • http://seclists.org/bugtraq/2017/Feb/6 http://seclists.org/fulldisclosure/2017/Feb/11 http://www.securityfocus.com/bid/96126 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10140 – ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-10140
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. La vulnerabilidad de desvío de autenticación y divulgación de información existe en la configuración del servidor HTTP de Apache incluida con ZoneMinder v1.30 y v1.29, que permite a un atacante remoto no autenticado explorar todos los directorios de la raíz web, por ejemplo, un atacante remoto no autenticado puede ver todas las imágenes CCTV en el servidor a través de la URI /events. Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities. • https://github.com/asaotomo/CVE-2016-10140-Zoneminder-Poc http://seclists.org/bugtraq/2017/Feb/6 http://seclists.org/fulldisclosure/2017/Feb/11 http://www.securityfocus.com/bid/96849 https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba https://github.com/ZoneMinder/ZoneMinder/pull/1697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 64%CPEs: 6EXPL: 3CVE-2013-0232 – ZoneMinder Video Server - packageControl Command Execution
https://notcve.org/view.php?id=CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. includes/functions.php en ZoneMinder Video Server 1v.24.0, v1.25.0, y anteriores permite a atacantes remotos ejecutar comandos arbitarios mediante una shell de metacaracteres en el parámetro (1) "runState" de la función "packageControl", o los parámetros (2) "key" o (3) "command" en la función "setDeviceStatusX10". • https://www.exploit-db.com/exploits/24310 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910 http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability http://www.debian.org/security/2013/dsa-2640 http://www.exploit-db.com/exploits/24310 http://www.openwall.com/lists/oss-security/2013/01/28/2 http://www.osvdb.org/89529 http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771 •
CVSS: 5.0EPSS: 7%CPEs: 4EXPL: 2CVE-2013-0332 – ZoneMinder 1.24.3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. Múltiples vulnerabilidades de salto de directorio en ZoneMinder v1.24.x anterior a v1.24.4 permite a atacantes remotos leer ficheros de su elección a través de un .. (punto punto) en los parámetros (1) "view", (2) "request", o (3) "action". • https://www.exploit-db.com/exploits/17593 https://www.exploit-db.com/exploits/24310 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912 http://www.debian.org/security/2013/dsa-2640 http://www.openwall.com/lists/oss-security/2013/02/21/8 http://www.openwall.com/lists/oss-security/2013/02/21/9 http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979 http://www.zoneminder.com/wiki/index.php/Change_History • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6755
https://notcve.org/view.php?id=CVE-2008-6755
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. ZoneMinder v1.23.3 en Fedora 10 establece la propiedad de /etc/zm.conf a la cuenta de usuario de apache, y establece los permisos a 0600, lo cual facilita a los atacantes remotos la modificación de este archivo para acceder a él a través de un archivo de secuencias de comandos PHP (1) o CGI (2). • https://bugzilla.redhat.com/show_bug.cgi?id=476529 https://exchange.xforce.ibmcloud.com/vulnerabilities/50324 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html • CWE-264: Permissions, Privileges, and Access Controls •