PT-2022-20303 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.13 Description: The issue allows an attacker to poison a session cookie, which can then be used by the next logged-in user. This can lead to unauthorized access to user accounts. Recommendations: For ZoneMind...

ZoneMinder Language Settings Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Language Settings Remote Code Execution', 'Description' = %q This module exploits arbitrary file write in debug log file option chaine...

Remote code execution

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

ZoneMinder 路径遍历漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A remote code execution vulnerability exists in versions prior to ZoneMinder 1.36.13, which can be exploited by attackers to cause arbitrary code execution...

PT-2022-6497 · Unknown +4 · Zoneminder +4

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.13 Description: The issue is related to incorrect restriction of a directory path with limited access in ZoneMinder, a video surveillance software. This can be exploited by a remote attacker to execute...