Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-8428
ZoneMinder prior to 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8424
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder prior to 1.32.3 allows command injection via shell metacharacters.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8429
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
NA
CVE-2023-26032
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when perf...
Zoneminder Zoneminder
NA
CVE-2023-26034
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `...
Zoneminder Zoneminder
NA
CVE-2023-26036
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view,...
Zoneminder Zoneminder
NA
CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be u...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2016-10203
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the name when creating a new monitor.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2016-10204
SQL injection vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
Zoneminder Zoneminder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »