https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 04:11:39 +0000 https://db.gcve.eu/sighting/3a084a9f-2942-4dcd-aeaf-27e5126a2502/export {"uuid": "3a084a9f-2942-4dcd-aeaf-27e5126a2502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45170", "type": "seen", "source": "https://t.me/cvedetector/4821", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45170 - C-MOR Video Surveillance Unauthenticated Access Control Bypass Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45170 \nPublished : Sept. 4, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T20:15:45.000000Z"} {"uuid": "3a084a9f-2942-4dcd-aeaf-27e5126a2502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45170", "type": "seen", "source": "https://t.me/cvedetector/4821", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45170 - C-MOR Video Surveillance Unauthenticated Access Control Bypass Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45170 \nPublished : Sept. 4, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T20:15:45.000000Z"} https://db.gcve.eu/sighting/3a084a9f-2942-4dcd-aeaf-27e5126a2502/export Wed, 04 Sep 2024 20:15:45 +0000 https://db.gcve.eu/sighting/0b04a399-cee4-4419-9fe2-75a53d058420/export {"uuid": "0b04a399-cee4-4419-9fe2-75a53d058420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45177", "type": "seen", "source": "https://t.me/cvedetector/4828", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45177 - C-MOR Video Surveillance Persistent XSS Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45177 \nPublished : Sept. 4, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site scripting attack due to insufficient user input validation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:05:59.000000Z"} {"uuid": "0b04a399-cee4-4419-9fe2-75a53d058420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45177", "type": "seen", "source": "https://t.me/cvedetector/4828", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45177 - C-MOR Video Surveillance Persistent XSS Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45177 \nPublished : Sept. 4, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site scripting attack due to insufficient user input validation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T21:05:59.000000Z"} https://db.gcve.eu/sighting/0b04a399-cee4-4419-9fe2-75a53d058420/export Wed, 04 Sep 2024 21:05:59 +0000 https://db.gcve.eu/sighting/e7c3c402-5c37-4539-bdb7-b4a0c02efb8d/export {"uuid": "e7c3c402-5c37-4539-bdb7-b4a0c02efb8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45172", "type": "seen", "source": "https://t.me/cvedetector/4852", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45172 - \"Za-Internet C-MOR Video Surveillance CSRF Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45172 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:16.000000Z"} {"uuid": "e7c3c402-5c37-4539-bdb7-b4a0c02efb8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45172", "type": "seen", "source": "https://t.me/cvedetector/4852", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45172 - \"Za-Internet C-MOR Video Surveillance CSRF Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45172 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:16.000000Z"} https://db.gcve.eu/sighting/e7c3c402-5c37-4539-bdb7-b4a0c02efb8d/export Wed, 04 Sep 2024 22:47:16 +0000 https://db.gcve.eu/sighting/ba56eb29-d6fe-45dd-8254-e5fb081234bb/export {"uuid": "ba56eb29-d6fe-45dd-8254-e5fb081234bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45178", "type": "seen", "source": "https://t.me/cvedetector/4920", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45178 - Za-Internet C-MOR Video Surveillance Path Traversal Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45178 \nPublished : Sept. 5, 2024, 3:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, due to insufficient user input validation. For instance, the download functionality for backups provided by the script download-bkf.pml is vulnerable to a path traversal attack via the parameter bkf. This enables an authenticated user to download arbitrary files as Linux user www-data from the C-MOR system. Another path traversal attack is in the script show-movies.pml, which can be exploited via the parameter cam. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:02:33.000000Z"} {"uuid": "ba56eb29-d6fe-45dd-8254-e5fb081234bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45178", "type": "seen", "source": "https://t.me/cvedetector/4920", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45178 - Za-Internet C-MOR Video Surveillance Path Traversal Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45178 \nPublished : Sept. 5, 2024, 3:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, due to insufficient user input validation. For instance, the download functionality for backups provided by the script download-bkf.pml is vulnerable to a path traversal attack via the parameter bkf. This enables an authenticated user to download arbitrary files as Linux user www-data from the C-MOR system. Another path traversal attack is in the script show-movies.pml, which can be exploited via the parameter cam. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:02:33.000000Z"} https://db.gcve.eu/sighting/ba56eb29-d6fe-45dd-8254-e5fb081234bb/export Thu, 05 Sep 2024 18:02:33 +0000 https://db.gcve.eu/sighting/8d5a4d66-47f4-44fc-b000-0900d8e7359f/export {"uuid": "8d5a4d66-47f4-44fc-b000-0900d8e7359f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45173", "type": "seen", "source": "https://t.me/cvedetector/4921", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45173 - C-MOR Video Surveillance Sudo Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45173 \nPublished : Sept. 5, 2024, 3:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:02:34.000000Z"} {"uuid": "8d5a4d66-47f4-44fc-b000-0900d8e7359f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45173", "type": "seen", "source": "https://t.me/cvedetector/4921", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45173 - C-MOR Video Surveillance Sudo Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45173 \nPublished : Sept. 5, 2024, 3:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:02:34.000000Z"} https://db.gcve.eu/sighting/8d5a4d66-47f4-44fc-b000-0900d8e7359f/export Thu, 05 Sep 2024 18:02:34 +0000 https://db.gcve.eu/sighting/ab64e052-e2d9-4fdf-9255-3f36dc359e73/export {"uuid": "ab64e052-e2d9-4fdf-9255-3f36dc359e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45171", "type": "seen", "source": "https://t.me/cvedetector/4922", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45171 - C-MOR Video Surveillance Remote File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45171 \nPublished : Sept. 5, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory \"/srv/www/backups\" on the C-MOR system, and can thus be accessed via the URL https:///backup/upload_. Due to broken access control, low-privileged authenticated users can also use this file upload functionality. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:52:43.000000Z"} {"uuid": "ab64e052-e2d9-4fdf-9255-3f36dc359e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45171", "type": "seen", "source": "https://t.me/cvedetector/4922", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45171 - C-MOR Video Surveillance Remote File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45171 \nPublished : Sept. 5, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory \"/srv/www/backups\" on the C-MOR system, and can thus be accessed via the URL https:///backup/upload_. Due to broken access control, low-privileged authenticated users can also use this file upload functionality. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:52:43.000000Z"} https://db.gcve.eu/sighting/ab64e052-e2d9-4fdf-9255-3f36dc359e73/export Thu, 05 Sep 2024 18:52:43 +0000 https://db.gcve.eu/sighting/b6d354ad-20d4-4c13-a596-0fe32e3368df/export {"uuid": "b6d354ad-20d4-4c13-a596-0fe32e3368df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45176", "type": "seen", "source": "https://t.me/cvedetector/4923", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45176 - \"Za-Internet C-MOR Video Surveillance Cross-Site Scripting Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45176 \nPublished : Sept. 5, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:52:44.000000Z"} {"uuid": "b6d354ad-20d4-4c13-a596-0fe32e3368df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45176", "type": "seen", "source": "https://t.me/cvedetector/4923", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45176 - \"Za-Internet C-MOR Video Surveillance Cross-Site Scripting Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45176 \nPublished : Sept. 5, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:52:44.000000Z"} https://db.gcve.eu/sighting/b6d354ad-20d4-4c13-a596-0fe32e3368df/export Thu, 05 Sep 2024 18:52:44 +0000 https://db.gcve.eu/sighting/99d006d1-540a-412a-9b9a-5b02660e116b/export {"uuid": "99d006d1-540a-412a-9b9a-5b02660e116b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45175", "type": "seen", "source": "https://t.me/cvedetector/4925", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45175 - \"C-MOR Video Surveillance Cleartext Sensitive Information Storage Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45175 \nPublished : Sept. 5, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:52:46.000000Z"} {"uuid": "99d006d1-540a-412a-9b9a-5b02660e116b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45175", "type": "seen", "source": "https://t.me/cvedetector/4925", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45175 - \"C-MOR Video Surveillance Cleartext Sensitive Information Storage Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-45175 \nPublished : Sept. 5, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T18:52:46.000000Z"} https://db.gcve.eu/sighting/99d006d1-540a-412a-9b9a-5b02660e116b/export Thu, 05 Sep 2024 18:52:46 +0000 https://db.gcve.eu/sighting/a16b7797-9ca2-4752-b0e9-f56036e6abf8/export {"uuid": "a16b7797-9ca2-4752-b0e9-f56036e6abf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45179", "type": "seen", "source": "https://t.me/cvedetector/7418", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45179 - ZA-Internet C-MOR Video Surveillance OS Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45179 \nPublished : Oct. 9, 2024, 4:15 a.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T07:17:01.000000Z"} {"uuid": "a16b7797-9ca2-4752-b0e9-f56036e6abf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45179", "type": "seen", "source": "https://t.me/cvedetector/7418", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45179 - ZA-Internet C-MOR Video Surveillance OS Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45179 \nPublished : Oct. 9, 2024, 4:15 a.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T07:17:01.000000Z"} https://db.gcve.eu/sighting/a16b7797-9ca2-4752-b0e9-f56036e6abf8/export Wed, 09 Oct 2024 07:17:01 +0000 https://db.gcve.eu/sighting/134136c7-316b-4291-844c-3610d3a99823/export {"uuid": "134136c7-316b-4291-844c-3610d3a99823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4517", "type": "seen", "source": "Telegram/SazXMHB0NSiYyh5HqonwSSAeFnQvi0bjr8HtJj15UOsgXPGN", "content": "", "creation_timestamp": "2025-02-19T19:13:56.000000Z"} {"uuid": "134136c7-316b-4291-844c-3610d3a99823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4517", "type": "seen", "source": "Telegram/SazXMHB0NSiYyh5HqonwSSAeFnQvi0bjr8HtJj15UOsgXPGN", "content": "", "creation_timestamp": "2025-02-19T19:13:56.000000Z"} https://db.gcve.eu/sighting/134136c7-316b-4291-844c-3610d3a99823/export Wed, 19 Feb 2025 19:13:56 +0000