VYPR

Zoneminder

by Zoneminder

CVEs (87)

  • CVE-2008-6756 | Apr 27, 2009
    risk 0.00 | cvss | epss 0.00

    ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.

  • CVE-2008-6755 | Apr 27, 2009
    risk 0.00 | cvss | epss 0.01

    ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.

  • CVE-2008-3881 | Sep 2, 2008
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.

  • CVE-2008-3880 | Sep 2, 2008
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.

  • CVE-2008-3882 | Sep 2, 2008
    risk 0.00 | cvss | epss 0.03

    Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

  • CVE-2008-1381 | May 1, 2008
    risk 0.00 | cvss | epss 0.03

    ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.

  • CVE-2004-0227 | Jun 14, 2004
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.

Page 5 of 5