Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39289
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upg...
Zoneminder Zoneminder
NA
CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET an...
Zoneminder Zoneminder
NA
CVE-2022-39291
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed th...
Zoneminder Zoneminder
NA
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code ...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7326
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This r...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7329
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XS...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7331
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and ...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7333
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7335
Self - Stored XSS exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This rela...
Zoneminder Zoneminder
4.3
CVSSv2
CVE-2019-7336
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters...
Zoneminder Zoneminder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »