Zoneminder

Zoneminder

84 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-26037

  • EPSS 0.14%
  • Published 25.02.2023 02:15:13
  • Last modified 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not p...

8.8

CVE-2023-26039

  • EPSS 1.41%
  • Published 25.02.2023 02:15:13
  • Last modified 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controlle...

8.8

CVE-2023-26034

Exploit
  • EPSS 0.45%
  • Published 25.02.2023 01:15:56
  • Last modified 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulne...

8.1

CVE-2023-26032

  • EPSS 0.19%
  • Published 25.02.2023 01:15:56
  • Last modified 21.11.2024 07:50:37

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the...

6.1

CVE-2023-25825

Exploit
  • EPSS 0.52%
  • Published 25.02.2023 01:15:56
  • Last modified 21.11.2024 07:50:16

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs...

4.6

CVE-2022-30769

  • EPSS 0.16%
  • Published 15.11.2022 22:15:11
  • Last modified 30.04.2025 17:15:49

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

5.4

CVE-2022-30768

  • EPSS 0.24%
  • Published 15.11.2022 22:15:11
  • Last modified 30.04.2025 17:15:49

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: ...

5.4

CVE-2022-39285

Exploit
  • EPSS 0.5%
  • Published 07.10.2022 21:15:11
  • Last modified 21.11.2024 07:17:57

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to pro...

7.5

CVE-2022-39289

Exploit
  • EPSS 0.09%
  • Published 07.10.2022 21:15:11
  • Last modified 21.11.2024 07:17:57

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privil...

5.4

CVE-2022-39291

Exploit
  • EPSS 2.07%
  • Published 07.10.2022 21:15:11
  • Last modified 21.11.2024 07:17:58

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. ...