Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

zoneminder zoneminder 1.23.3 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2008-6755
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote malicious users to modify this file by accessing it through a (1) PHP or (2) CGI script.
Zoneminder Zoneminder 1.23.3
2.1
CVSSv2
CVE-2008-6756
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
Zoneminder Zoneminder 1.23.3
7.5
CVSSv2
CVE-2008-3880
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the filter array parameter.
Zoneminder Zoneminder 0.9.14Zoneminder Zoneminder 0.9.15Zoneminder Zoneminder 1.17.2Zoneminder Zoneminder 1.18.0Zoneminder Zoneminder 1.19.5Zoneminder Zoneminder 1.20.0Zoneminder Zoneminder 1.22.1Zoneminder Zoneminder 1.22.2Zoneminder Zoneminder 0.0.1Zoneminder Zoneminder 0.9.10Zoneminder Zoneminder 0.9.11Zoneminder Zoneminder 0.9.8Zoneminder Zoneminder 0.9.9Zoneminder Zoneminder 0.9.12Zoneminder Zoneminder 0.9.13Zoneminder Zoneminder 1.17.0Zoneminder Zoneminder 1.17.1Zoneminder Zoneminder 1.19.3Zoneminder Zoneminder 1.19.4Zoneminder Zoneminder 1.21.4Zoneminder Zoneminder 1.22.0Zoneminder Zoneminder
4.3
CVSSv2
CVE-2008-3881
Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.
Zoneminder Zoneminder 0.9.10Zoneminder Zoneminder 0.9.11Zoneminder Zoneminder 0.9.8Zoneminder Zoneminder 0.9.9Zoneminder Zoneminder 1.17.0Zoneminder Zoneminder 1.19.2Zoneminder Zoneminder 1.19.3Zoneminder Zoneminder 1.21.2Zoneminder Zoneminder 1.21.3Zoneminder Zoneminder 1.23.1Zoneminder Zoneminder 1.23.2Zoneminder ZoneminderZoneminder Zoneminder 0.0.1Zoneminder Zoneminder 0.9.16Zoneminder Zoneminder 0.9.7Zoneminder Zoneminder 1.19.0Zoneminder Zoneminder 1.19.1Zoneminder Zoneminder 1.21.0Zoneminder Zoneminder 1.21.1Zoneminder Zoneminder 1.22.3Zoneminder Zoneminder 1.23.0Zoneminder Zoneminder 0.9.14
10
CVSSv2
CVE-2008-3882
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and previous versions allows remote malicious users to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
Zoneminder Zoneminder 0.9.13Zoneminder Zoneminder 0.9.14Zoneminder Zoneminder 0.9.10Zoneminder Zoneminder 0.9.11Zoneminder Zoneminder 0.9.12Zoneminder Zoneminder 0.9.9Zoneminder Zoneminder 1.17.0Zoneminder Zoneminder 1.19.2Zoneminder Zoneminder 1.19.3Zoneminder Zoneminder 1.21.3Zoneminder Zoneminder 1.21.4Zoneminder Zoneminder 1.23.2Zoneminder Zoneminder 0.9.15Zoneminder Zoneminder 0.9.16Zoneminder Zoneminder 1.18.0Zoneminder Zoneminder 1.18.1Zoneminder Zoneminder 1.20.0Zoneminder Zoneminder 1.20.1Zoneminder Zoneminder 1.22.2Zoneminder Zoneminder 1.22.3Zoneminder Zoneminder 1.17.1Zoneminder Zoneminder 1.17.2
7.5
CVSSv2
CVE-2008-1381
ZoneMinder prior to 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
Zoneminder Zoneminder 0.9.10Zoneminder Zoneminder 0.9.11Zoneminder Zoneminder 0.9.8Zoneminder Zoneminder 0.9.9Zoneminder Zoneminder 1.19.2Zoneminder Zoneminder 1.19.3Zoneminder Zoneminder 1.21.2Zoneminder Zoneminder 1.21.3Zoneminder Zoneminder 1.23.1Zoneminder Zoneminder 1.23.2Zoneminder Zoneminder 0.9.14Zoneminder Zoneminder 0.9.15Zoneminder Zoneminder 1.17.2Zoneminder Zoneminder 1.18.0Zoneminder Zoneminder 1.20.0Zoneminder Zoneminder 1.20.1Zoneminder Zoneminder 1.22.1Zoneminder Zoneminder 1.22.2Zoneminder Zoneminder 0.9.12Zoneminder Zoneminder 0.9.13Zoneminder Zoneminder 1.17.0Zoneminder Zoneminder 1.17.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook