Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder zoneminder vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2016-10204
SQL injection vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2016-10205
Session fixation vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to hijack web sessions via the ZMSESSID cookie.
Zoneminder Zoneminder
6.8
CVSSv2
CVE-2016-10206
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action requ...
Zoneminder Zoneminder
3.5
CVSSv2
CVE-2019-6990
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-6991
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder up to and including 1.32.3, allowing an unauthenticated malicious user to execute code via a long username.
Zoneminder Zoneminder
1 Github repository
4.3
CVSSv2
CVE-2019-6992
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8423
ZoneMinder up to and including 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8424
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-8425
includes/database.php in ZoneMinder prior to 1.32.3 has XSS in the construction of SQL-ERR messages.
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder prior to 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
Zoneminder Zoneminder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »