Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder zoneminder vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2019-7350
Session fixation exists in ZoneMinder up to and including 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a u...
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7349
Reflected Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtra...
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-7352
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an malicious user to exec...
Zoneminder Zoneminder
5.4
CVSSv3
CVE-2019-6990
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2019-6992
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-6991
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder up to and including 1.32.3, allowing an unauthenticated malicious user to execute code via a long username.
Zoneminder Zoneminder
1 Github repository
6.1
CVSSv3
CVE-2019-6777
An issue exists in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
Zoneminder Zoneminder 1.32.3
9.8
CVSSv3
CVE-2018-1000832
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2018-1000833
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Zoneminder Zoneminder
6.1
CVSSv3
CVE-2017-7203
A Cross-Site Scripting (XSS) exists in ZoneMinder prior to 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute...
Zoneminder Zoneminder 1.30.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »