Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder zoneminder vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-30769
Session fixation exists in ZoneMinder up to and including 1.36.12 as an attacker can poison a session cookie to the next logged-in user.
Zoneminder Zoneminder
NA
CVE-2022-39291
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed th...
Zoneminder Zoneminder
NA
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code ...
Zoneminder Zoneminder
NA
CVE-2022-39289
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upg...
Zoneminder Zoneminder
NA
CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET an...
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2022-29806
ZoneMinder prior to 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2020-25729
ZoneMinder prior to 1.34.21 has XSS via the connkey parameter to download.php or export.php.
Zoneminder Zoneminder
3.5
CVSSv2
CVE-2019-13072
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
Zoneminder Zoneminder 1.32.3
7.5
CVSSv2
CVE-2019-8424
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8428
ZoneMinder prior to 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
Zoneminder Zoneminder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »