Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder zoneminder vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code ...
Zoneminder Zoneminder
NA
CVE-2022-39289
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upg...
Zoneminder Zoneminder
NA
CVE-2022-39291
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed th...
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8423
ZoneMinder up to and including 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8424
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-8425
includes/database.php in ZoneMinder prior to 1.32.3 has XSS in the construction of SQL-ERR messages.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder prior to 1.32.3 allows command injection via shell metacharacters.
Zoneminder Zoneminder
NA
CVE-2022-30769
Session fixation exists in ZoneMinder up to and including 1.36.12 as an attacker can poison a session cookie to the next logged-in user.
Zoneminder Zoneminder
NA
CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET an...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7343
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omi...
Zoneminder Zoneminder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »