CVE-2023-26037

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

UBUNTU-CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

Double free

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file...

CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

CVE-2023-26037 ZoneMinder contains SQL Injection via report_event_audit

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

DEBIAN-CVE-2023-26032

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL...

CVE-2023-26034 ZoneMinder SQL Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

CVE-2023-26032

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL...

ZoneMinder 代码问题漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a local file inclusion vulnerability...

PT-2023-20438 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue is a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be...

ZoneMinder 代码问题漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a local file inclusion vulnerability...

ZoneMinder SQL注入漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a SQL injection vulnerability...

PT-2023-20437 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 and 1.37.33 Description: The issue is a SQL Injection vulnerability present within the filterQueryterms0attr query string parameter of the "/zm/index.php" endpoint. A user with the View or Edit permissions...

PT-2023-20440 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue concerns a Local File Inclusion vulnerability via the "web/ajax/modal.php" endpoint, where an arbitrary php file path can be passed in the reques...