1264 matches found
ZoneMinder SQL注入漏洞
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a SQL injection vulnerability...
PT-2023-20439 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue is related to an SQL Injection in ZoneMinder, a free, open source Closed-circuit television software application for Linux. The minTime and maxTi...
PT-2023-20435 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 and 1.37.33 Description: The issue concerns SQL Injection via a malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could...
ZoneMinder 代码问题漏洞
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a local file inclusion vulnerability...
PT-2023-20440 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue concerns a Local File Inclusion vulnerability via the "web/ajax/modal.php" endpoint, where an arbitrary php file path can be passed in the reques...
PT-2023-20438 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue is a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be...
ZoneMinder SQL注入漏洞
ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a SQL injection vulnerability, which can be...
ZoneMinder 安全漏洞
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33, which stems from the presence of an unauthenticated remote code execution vi...
ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities
ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...
ZoneMinder < 1.36.13 Multiple Vulnerabilities
ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...
CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
DEBIAN-CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
DEBIAN-CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
Cross site scripting
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
Session fixation
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...