Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2018-1000832
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Zoneminder Zoneminder
10
CVSSv2
CVE-2008-3882
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and previous versions allows remote malicious users to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
Zoneminder Zoneminder 1.21.1
Zoneminder Zoneminder 1.23.1
Zoneminder Zoneminder 1.23.0
Zoneminder Zoneminder 1.19.1
Zoneminder Zoneminder 1.19.4
Zoneminder Zoneminder 0.9.11
Zoneminder Zoneminder 1.21.3
Zoneminder Zoneminder 1.21.2
Zoneminder Zoneminder
Zoneminder Zoneminder 0.9.8
Zoneminder Zoneminder 0.9.10
Zoneminder Zoneminder 1.18.1
Zoneminder Zoneminder 1.21.0
Zoneminder Zoneminder 0.9.9
Zoneminder Zoneminder 0.9.14
Zoneminder Zoneminder 1.22.2
Zoneminder Zoneminder 1.19.3
Zoneminder Zoneminder 0.0.1
Zoneminder Zoneminder 1.20.1
Zoneminder Zoneminder 1.17.1
Zoneminder Zoneminder 1.22.0
Zoneminder Zoneminder 1.22.3
7.5
CVSSv2
CVE-2022-29806
ZoneMinder prior to 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8423
ZoneMinder up to and including 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8424
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8428
ZoneMinder prior to 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8429
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder prior to 1.32.3 allows command injection via shell metacharacters.
Zoneminder Zoneminder
7.5
CVSSv2
CVE-2019-6991
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder up to and including 1.32.3, allowing an unauthenticated malicious user to execute code via a long username.
Zoneminder Zoneminder
1 Github repository
7.5
CVSSv2
CVE-2018-1000833
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Zoneminder Zoneminder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »