Published: 03/03/2017 Updated: 29/03/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoneminder zoneminder

Debian Bug report logs - #854272 CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 5 Feb 2017 17:21:02 UTC Severity: grave ...

CWE-352 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt http://www.openwall.com/lists/oss-security/2017/02/05/1 http://www.securityfocus.com/bid/97114 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272 https://nvd.nist.gov

CVE-2016-10206

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect