Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8902PUBLISHED: 2019-02-18An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
CVE-2019-8423PUBLISHED: 2019-02-18ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424PUBLISHED: 2019-02-18ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8425PUBLISHED: 2019-02-18includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8426PUBLISHED: 2019-02-18skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.