Zoneminder
by Zoneminder
Source repositories
CVEs (87)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6756 | 0.00 | — | 0.00 | Apr 27, 2009 | ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | |||
| CVE-2008-6755 | 0.00 | — | 0.01 | Apr 27, 2009 | ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | |||
| CVE-2008-3881 | 0.00 | — | 0.01 | Sep 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files. | |||
| CVE-2008-3880 | 0.00 | — | 0.01 | Sep 2, 2008 | SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | |||
| CVE-2008-3882 | 0.00 | — | 0.03 | Sep 2, 2008 | Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. | |||
| CVE-2008-1381 | 0.00 | — | 0.03 | May 1, 2008 | ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL. | |||
| CVE-2004-0227 | 0.00 | — | 0.03 | Jun 14, 2004 | Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string. |
- CVE-2008-6756Apr 27, 2009risk 0.00cvss —epss 0.00
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
- CVE-2008-6755Apr 27, 2009risk 0.00cvss —epss 0.01
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
- CVE-2008-3881Sep 2, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.
- CVE-2008-3880Sep 2, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.
- CVE-2008-3882Sep 2, 2008risk 0.00cvss —epss 0.03
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
- CVE-2008-1381May 1, 2008risk 0.00cvss —epss 0.03
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
- CVE-2004-0227Jun 14, 2004risk 0.00cvss —epss 0.03
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.
Page 5 of 5