Zoneminder

Zoneminder

84 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-26037

  • EPSS 0.14%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not p...

8.8

CVE-2023-26039

  • EPSS 1.41%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controlle...

8.8

CVE-2023-26034

Exploit
  • EPSS 0.45%
  • Veröffentlicht 25.02.2023 01:15:56
  • Zuletzt bearbeitet 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulne...

8.1

CVE-2023-26032

  • EPSS 0.19%
  • Veröffentlicht 25.02.2023 01:15:56
  • Zuletzt bearbeitet 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the...

6.1

CVE-2023-25825

Exploit
  • EPSS 0.52%
  • Veröffentlicht 25.02.2023 01:15:56
  • Zuletzt bearbeitet 21.11.2024 07:50:16

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs...

4.6

CVE-2022-30769

  • EPSS 0.16%
  • Veröffentlicht 15.11.2022 22:15:11
  • Zuletzt bearbeitet 30.04.2025 17:15:49

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

5.4

CVE-2022-30768

  • EPSS 0.24%
  • Veröffentlicht 15.11.2022 22:15:11
  • Zuletzt bearbeitet 30.04.2025 17:15:49

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: ...

5.4

CVE-2022-39285

Exploit
  • EPSS 0.68%
  • Veröffentlicht 07.10.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:17:57

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to pro...

7.5

CVE-2022-39289

Exploit
  • EPSS 0.09%
  • Veröffentlicht 07.10.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:17:57

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privil...

5.4

CVE-2022-39291

Exploit
  • EPSS 2.07%
  • Veröffentlicht 07.10.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:17:58

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. ...