10 matches found

Tenable Nessus
added 2025/03/05 12:00 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2022-39285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by...

CVSS 7.6 | AI score 6.3 | EPSS 0.00863
Exploits: 4 | References: 3
CVE
added 2023/09/14 12:00 a.m. | 37 views

CVE-2023-39285

CVE-2023-39285 affects Mitel MiVoice Connect, Edge Gateway component, up to version 19.3 SP3 (22.24.5800.0). The vulnerability is a CSRF due to insufficient request validation, allowing an unauthenticated attacker to provide a modified URL and potentially modify system configuration settings. Con...

CVSS 4.3 | AI score 4.7 | EPSS 0.0011
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2023/03/27 12:00 a.m. | 244 views

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 Writeup:...

CVSS 8 | AI score 5.7 | EPSS 0.07159
Exploits: 6
Exploit DB
added 2023/03/27 12:00 a.m. | 209 views

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...

CVSS 8 | AI score 6.2 | EPSS 0.07159
Exploits: 6
Packet Storm
added 2023/03/27 12:00 a.m. | 264 views

Zoneminder Log Injection / XSS / Cross Site Request Forgery

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...

CVSS 8 | AI score 5.7 | EPSS 0.07159
Exploits: 6
OpenVAS
added 2022/11/23 12:00 a.m. | 19 views

ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities

ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...

CVSS 9.1 | AI score 6.7 | EPSS 0.07159
Exploits: 7 | References: 4
Circl
added 2022/10/08 12:17 a.m. | 11 views

CVE-2022-39285

creationtimestamp | type | source
---|---|---
2022-10-08 00:17:32+00:00 | seen | https://t.me/cibsecurity/51026
2023-03-27 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51071...

CVSS 7.6 | AI score 6.6 | EPSS 0.00863
Exploits: 4 | References: 2
UbuntuCve
added 2022/10/07 9:15 p.m. | 22 views

CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

CVSS 7.6 | AI score 6.3 | EPSS 0.00863
Exploits: 4 | References: 2
CVE
added 2022/10/07 12:00 a.m. | 79 views

CVE-2022-39285

ZoneMinder (Zones: ZoneMinder) is affected by CVE-2022-39285. The vulnerability is a stored XSS in the file parameter that allows code injection when a user views a log on the view=log page, by manipulating the log HTML (backing out of tr/td brackets). Root cause: insufficient input validation ...

CVSS 7.6 | AI score 5.8 | EPSS 0.00863
Exploits: 4 | References: 4 | Affected Software: 1
CVE
added 2021/09/07 12:40 p.m. | 43 views

CVE-2021-39285

Versa Director 16.1R2 Build S8 contains a cross-site scripting (XSS) vulnerability. An attacker can use the administration web interface URL to inject scripts. The CVE-2021-39285 entry documents this XSS issue; no explicit exploit details, affected component is Versa Director’s web interface, and...

CVSS 6.1 | AI score 5.9 | EPSS 0.00317
Exploits: 1 | References: 2 | Affected Software: 1