CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

EUVD-2023-29920

Malicious code in bioql PyPI...

EUVD-2023-29715

Malicious code in bioql PyPI...

CVE-2023-31493

RCE Remote Code Execution exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...

PT-2024-12284 · Unknown +1 · Zoneminder +1

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions up to 1.36.33 Description: A Remote Code Execution RCE issue exists in ZoneMinder, where an attacker can create a new .php log file in the language folder, execute a crafted payload, and escalate privileges, allowing...

ZoneMinder 安全漏洞

ZoneMinder is an open source video surveillance software system from ZoneMinder Open Source. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder version 1.36.33, which stems from the presence of Remote Code Execution RCE, which allows an...

CVE-2023-26037

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

UBUNTU-CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

Double free

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file...

CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

CVE-2023-26037 ZoneMinder contains SQL Injection via report_event_audit

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

DEBIAN-CVE-2023-26032

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL...

CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

DEBIAN-CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

Cross site scripting

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

UBUNTU-CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

CVE-2023-26034 ZoneMinder SQL Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

CVE-2023-26032

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL...

ZoneMinder 代码问题漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a local file inclusion vulnerability...

PT-2023-20438 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue is a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be...