ZoneMinder - Multiple Vulnerabilities

Product: ZoneMinder
Versions: Multiple versions - see inline
Vulnerabilities:
- File Disclosure
- XSS
- CSRF
- Auth Bypass & Info Disclosure

CVE-IDs:
- CVE-2016-10140
- CVE-2017-5595
- CVE-2017-5367
- CVE-2017-5368

Details:

CVE-2016-10140: Auth bypass and Info disclosure
- affects v1.30 and v1.29
- PoC:
- Fix: GitHub Commit

CVE-2017-5595: File disclosure
- affects v1.xx - code from 2008
- PoC:
- Fix: GitHub Commit

CVE-2017-5367: XSS
- affects v1.30 and v1.29
- PoCs:

CVE-2017-5368: CSRF
- affects v1.30 and v1.29
- PoC:
- Description: Adds a new admin user if the admin user is already logged in.