|
213041
|
6.5 |
MEDIUM
Network
|
systrome
|
isg-600c_firmware
isg-600h_firmware
isg-800w_firmware
|
A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from syst…
|
CWE-22
Path Traversal
|
CVE-2019-7387
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213042
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka ne…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7352
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213043
|
6.5 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in t…
|
CWE-74
Injection
|
CVE-2019-7351
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213044
|
7.3 |
HIGH
Network
|
zoneminder
|
zoneminder
|
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set o…
|
CWE-384
Session Fixation
|
CVE-2019-7350
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213045
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7349
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213046
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (use…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7348
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213047
|
7.5 |
HIGH
Network
|
zoneminder
|
zoneminder
|
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a n…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-7347
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213048
|
8.8 |
HIGH
Network
|
zoneminder
|
zoneminder
|
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making…
|
CWE-352
Origin Validation Error
|
CVE-2019-7346
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213049
|
4.8 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BA…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7345
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213050
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7344
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
