Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder zoneminder vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-7352
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder up to and including 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an malicious user to exec...
Zoneminder Zoneminder
7.5
CVSSv3
CVE-2016-10140
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated malicious user to browse all directories in the web root, e.g., a remote unauthenticated at...
Zoneminder Zoneminder 1.30.0
1 Github repository
6.1
CVSSv3
CVE-2017-7203
A Cross-Site Scripting (XSS) exists in ZoneMinder prior to 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute...
Zoneminder Zoneminder 1.30.2
5.4
CVSSv3
CVE-2019-13072
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
Zoneminder Zoneminder 1.32.3
NA
CVE-2008-6755
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote malicious users to modify this file by accessing it through a (1) PHP or (2) CGI script.
Zoneminder Zoneminder 1.23.3
5.4
CVSSv3
CVE-2022-30768
A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an malicious user to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later ver...
Zoneminder Zoneminder 1.36.12
NA
CVE-2008-6756
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
Zoneminder Zoneminder 1.23.3
6.1
CVSSv3
CVE-2019-6777
An issue exists in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
Zoneminder Zoneminder 1.32.3
NA
CVE-2008-2033
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1381. Reason: This candidate is a duplicate of CVE-2008-1381. Notes: All CVE users should reference CVE-2008-1381 instead of this candidate. All references and descriptions in this candidate have been removed...
NA
CVE-2020-25730
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8