Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-7332
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omi...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7334
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7349
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtra...
Zoneminder Zoneminder
NA
CVE-2023-26032
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when perf...
Zoneminder Zoneminder
NA
CVE-2023-26034
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `...
Zoneminder Zoneminder
NA
CVE-2023-26036
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view,...
Zoneminder Zoneminder
NA
CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be u...
Zoneminder Zoneminder
NA
CVE-2023-26038
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrar...
Zoneminder Zoneminder
NA
CVE-2023-26039
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authe...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2020-25729
ZoneMinder prior to 1.34.21 has XSS via the connkey parameter to download.php or export.php.
Zoneminder Zoneminder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »