VYPR

Zoneminder

by Zoneminder

CVEs (87)

  • CVE-2024-43360 (Aug 12, 2024)
    risk 0.00 | cvss | epss 0.06

    ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.

  • CVE-2024-43359 (Aug 12, 2024)
    risk 0.00 | cvss | epss 0.00

    ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.

  • CVE-2024-43358 (Aug 12, 2024)
    risk 0.00 | cvss | epss 0.00

    ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.

  • CVE-2023-41884 (Aug 12, 2024)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, line 51 uses a few parameters in an SQL query without sanitizing them, which makes it vulnerable to SQL injection. This vulnerability is fixed in 1.36.34.

  • CVE-2020-25730 (Apr 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the PHP_SELF component in classic/views/download.php.

  • CVE-2023-26039 (Feb 25, 2023)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any…

  • CVE-2023-26038 (Feb 25, 2023)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an…

  • CVE-2023-26037 (Feb 25, 2023)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could…

  • CVE-2023-26036 (Feb 25, 2023)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling…

  • CVE-2023-26034 (Feb 25, 2023)
    risk 0.00 | cvss | epss 0.02

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within…

  • CVE-2023-26032 (Feb 25, 2023)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via a malicious JSON Web Token. The Username field of the JWT token was trusted when…

  • CVE-2023-25825 (Feb 25, 2023)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious…

  • CVE-2022-30768 (Nov 15, 2022)
    risk 0.00 | cvss | epss 0.01

    A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions…

  • CVE-2022-30769 (Nov 15, 2022)
    risk 0.00 | cvss | epss 0.00

    Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

  • CVE-2022-39290 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.05

    ZoneMinder is a free, open source Closed-circuit television software application. In affected versions, authenticated users can bypass CSRF keys by modifying the request supplied to the ZoneMinder web application. These modifications include replacing HTTP POST with an HTTP GET…

  • CVE-2022-39291 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.05

    ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of ZoneMinder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by ZoneMinder. This was observed through an…

  • CVE-2022-39289 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder is a free, open source Closed-circuit television software application. In affected versions, the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System privileges. Users are advised to…

  • CVE-2022-39285 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.04

    ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to cross-site scripting (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute…

  • CVE-2020-25729 (Sep 17, 2020)
    risk 0.00 | cvss | epss 0.01

    ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

  • CVE-2019-13072 (Jun 30, 2019)
    risk 0.00 | cvss | epss 0.01

    Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.