Zoneminder

Zoneminder

84 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.9

CVE-2024-51482

  • EPSS 41.98%
  • Veröffentlicht 31.10.2024 18:15:05
  • Zuletzt bearbeitet 05.11.2024 14:15:14

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.

6.6

CVE-2023-31493

Exploit
  • EPSS 0.43%
  • Veröffentlicht 15.10.2024 15:15:12
  • Zuletzt bearbeitet 27.05.2025 13:55:33

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.

9.8

CVE-2024-43360

Exploit
  • EPSS 54.03%
  • Veröffentlicht 12.08.2024 21:15:33
  • Zuletzt bearbeitet 04.09.2024 21:42:20

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.

6.1

CVE-2024-43359

  • EPSS 0.19%
  • Veröffentlicht 12.08.2024 21:15:33
  • Zuletzt bearbeitet 04.09.2024 21:43:09

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 an...

6.1

CVE-2024-43358

  • EPSS 0.72%
  • Veröffentlicht 12.08.2024 21:15:33
  • Zuletzt bearbeitet 04.09.2024 21:41:06

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.

6.5

CVE-2023-41884

Exploit
  • EPSS 0.28%
  • Veröffentlicht 12.08.2024 20:15:07
  • Zuletzt bearbeitet 13.09.2024 15:08:19

ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36...

8.2

CVE-2020-25730

  • EPSS 0.21%
  • Veröffentlicht 04.04.2024 08:15:06
  • Zuletzt bearbeitet 27.05.2025 13:59:27

Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.

6.5

CVE-2023-26038

Exploit
  • EPSS 0.14%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/a...

9.8

CVE-2023-26035

  • EPSS 49.84%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorizat...

9.8

CVE-2023-26036

Exploit
  • EPSS 0.14%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/...