VYPR

Zoneminder

by Zoneminder

CVEs (87)

  • CVE-2019-8425 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.01

    includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

  • CVE-2019-8429 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.02

    ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.

  • CVE-2019-8424 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.02

    ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

  • CVE-2019-8426 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.01

    skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

  • CVE-2019-8427 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.02

    daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.

  • CVE-2019-8428 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.02

    ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

  • CVE-2019-8423 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.02

    ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

  • CVE-2019-7338 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.

  • CVE-2019-7331 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.

  • CVE-2019-7343 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.

  • CVE-2019-7328 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.

  • CVE-2019-7329 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.

  • CVE-2019-7351 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in…

  • CVE-2019-7325 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.

  • CVE-2019-7339 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.

  • CVE-2019-7333 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.

  • CVE-2019-7340 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.

  • CVE-2019-7327 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.

  • CVE-2019-7342 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.

  • CVE-2019-7334 (Feb 4, 2019)
    risk 0.00 | cvss | epss 0.01

    Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.