Lucene search
K

1264 matches found

CNNVD
CNNVD
added 2023/02/25 12:0 a.m.4 views

ZoneMinder SQL注入漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a SQL injection vulnerability...

9.8CVSS8.4AI score0.00607EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/25 12:0 a.m.5 views

PT-2023-20439 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue is related to an SQL Injection in ZoneMinder, a free, open source Closed-circuit television software application for Linux. The minTime and maxTi...

9.8CVSS8.1AI score0.80462EPSS
Exploits28References49
Positive Technologies
Positive Technologies
added 2023/02/25 12:0 a.m.3 views

PT-2023-20435 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 and 1.37.33 Description: The issue concerns SQL Injection via a malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could...

9.8CVSS8.3AI score0.80462EPSS
Exploits28References48
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.5 views

ZoneMinder 代码问题漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a local file inclusion vulnerability...

9.8CVSS8.2AI score0.00897EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/02/25 12:0 a.m.5 views

PT-2023-20440 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue concerns a Local File Inclusion vulnerability via the "web/ajax/modal.php" endpoint, where an arbitrary php file path can be passed in the reques...

9.8CVSS7.3AI score0.80462EPSS
Exploits28References47
Positive Technologies
Positive Technologies
added 2023/02/25 12:0 a.m.4 views

PT-2023-20438 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue is a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be...

9.8CVSS7.1AI score0.80462EPSS
Exploits28References48
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.4 views

ZoneMinder SQL注入漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a SQL injection vulnerability, which can be...

9.6CVSS8.8AI score0.01579EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.22 views

ZoneMinder 安全漏洞

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33, which stems from the presence of an unauthenticated remote code execution vi...

9.8CVSS9AI score0.80462EPSS
Exploits11References3
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.20 views

ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities

ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...

9.1CVSS6.7AI score0.05444EPSS
Exploits7References4
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.22 views

ZoneMinder < 1.36.13 Multiple Vulnerabilities

ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...

9.8CVSS7.1AI score0.66317EPSS
Exploits6References4
OSV
OSV
added 2022/11/15 10:15 p.m.29 views

CVE-2022-30768

A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

5.4CVSS5.4AI score
Exploits0References2
NVD
NVD
added 2022/11/15 10:15 p.m.26 views

CVE-2022-30768

A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

5.4CVSS0.00569EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 10:15 p.m.29 views

CVE-2022-30769

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...

4.6CVSS0.00476EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 10:15 p.m.14 views

CVE-2022-30769

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...

4.6CVSS4.7AI score
Exploits0References2
OSV
OSV
added 2022/11/15 10:15 p.m.2 views

DEBIAN-CVE-2022-30768

A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

5.4CVSS6.5AI score0.00569EPSS
Exploits0References1
OSV
OSV
added 2022/11/15 10:15 p.m.3 views

DEBIAN-CVE-2022-30769

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...

4.6CVSS6.3AI score0.00476EPSS
Exploits0References1
Prion
Prion
added 2022/11/15 10:15 p.m.27 views

Cross site scripting

A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

4.9CVSS5.5AI score0.00769EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/11/15 10:15 p.m.40 views

CVE-2022-30769

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...

4.6CVSS6.7AI score0.00476EPSS
Exploits0References3
Prion
Prion
added 2022/11/15 10:15 p.m.19 views

Session fixation

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...

4.9CVSS4.7AI score0.00476EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/11/15 10:15 p.m.27 views

CVE-2022-30768

A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

5.4CVSS6.8AI score0.00569EPSS
Exploits0References3
Rows per page
Query Builder