Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder prior to 1.32.3 allows command injection via shell metacharacters.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8428
ZoneMinder prior to 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8429
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder prior to 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-8425
includes/database.php in ZoneMinder prior to 1.32.3 has XSS in the construction of SQL-ERR messages.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7325
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7326
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This r...
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7327
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7328
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is o...
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7330
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.
Zoneminder Zoneminder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »