) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- CPE Product Version: cpe:/a:zoneminder:zoneminder:1.26.0
There are 62 matching records.
Displaying matches 61 through 62.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-10201 |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. Published: March 03, 2017; 10:59:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-5595 |
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. Published: February 06, 2017; 12:59:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |