Zoneminder

Zoneminder

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-26035

  • EPSS 55.72%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorizat...

9.8

CVE-2023-26036

Exploit
  • EPSS 0.46%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/...

9.8

CVE-2023-26037

  • EPSS 0.71%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not p...

8.8

CVE-2023-26039

  • EPSS 5.84%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controlle...

8.8

CVE-2023-26034

Exploit
  • EPSS 1.79%
  • Veröffentlicht 25.02.2023 01:15:56
  • Zuletzt bearbeitet 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulne...

8.1

CVE-2023-26032

  • EPSS 0.28%
  • Veröffentlicht 25.02.2023 01:15:56
  • Zuletzt bearbeitet 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the...

6.1

CVE-2023-25825

Exploit
  • EPSS 0.89%
  • Veröffentlicht 25.02.2023 01:15:56
  • Zuletzt bearbeitet 21.11.2024 07:50:16

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs...

4.6

CVE-2022-30769

  • EPSS 0.17%
  • Veröffentlicht 15.11.2022 22:15:11
  • Zuletzt bearbeitet 30.04.2025 17:15:49

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

5.4

CVE-2022-30768

  • EPSS 0.09%
  • Veröffentlicht 15.11.2022 22:15:11
  • Zuletzt bearbeitet 30.04.2025 17:15:49

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: ...

6.5

CVE-2022-39290

Exploit
  • EPSS 2.83%
  • Veröffentlicht 07.10.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:17:58

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing...