Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoneminder vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-26036
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view,...
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be u...
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions ch...
Zoneminder Zoneminder
6 Github repositories
9.8
CVSSv3
CVE-2022-29806
ZoneMinder prior to 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8423
ZoneMinder up to and including 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8424
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8428
ZoneMinder prior to 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8429
ZoneMinder prior to 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder prior to 1.32.3 allows command injection via shell metacharacters.
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2019-6991
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder up to and including 1.32.3, allowing an unauthenticated malicious user to execute code via a long username.
Zoneminder Zoneminder
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »