4 matches found
UBUNTU-CVE-2020-25730
Cross Site Scripting XSS vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...
DEBIAN-CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filterQueryterms0cnj parameter...
DEBIAN-CVE-2019-8428
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroupMonitorIds value...
UBUNTU-CVE-2019-7325
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $REQUEST'PHPSELF', without applying any proper filtration...