ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. This issue is fixed in versions 1.36.33 and 1.37.33.

Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions checks on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.

SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \

CVE-2023-26779

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).

ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled.