Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-1000833
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2022-29806
ZoneMinder prior to 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Zoneminder Zoneminder
5.4
CVSSv3
CVE-2019-6990
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-6991
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder up to and including 1.32.3, allowing an unauthenticated malicious user to execute code via a long username.
Zoneminder Zoneminder
1 Github repository
6.1
CVSSv3
CVE-2019-6992
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
Zoneminder Zoneminder
7.3
CVSSv3
CVE-2016-10205
Session fixation vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to hijack web sessions via the ZMSESSID cookie.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7328
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is o...
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8424
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder prior to 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder prior to 1.32.3 allows command injection via shell metacharacters.
Zoneminder Zoneminder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »