oss-sec mailing list archives
Re: [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues
From: <cve-assign () mitre org>
Date: Sat, 4 Feb 2017 21:32:29 -0500
https://www.foxmole.com/advisories/foxmole-2016-07-05.txt
The following findings are only examples; there are quite more.
1)Cross Site Scripting (XSS)
[] index.php?view=request&request=log&task=download&key=a9fef1f4&format=[XSS]
Use CVE-2016-10201.
[] index.php/[XSS]
Use CVE-2016-10202.
[] Creating a new monitor using [XSS in] the name
Use CVE-2016-10203.
[] 2)SQL Injection
Parameter: limit (POST)
Use CVE-2016-10204.
[] 3)Session Fixation
After a successful authentication the Session Cookie ZMSESSID remains the same.
Use CVE-2016-10205.
[] 4)No CSRF Protection
A possible CSRF attack form, which changes the password of the admin
Use CVE-2016-10206.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]