1264 matches found

Cvelist | added 2022/10/07 12:0 a.m. | 27 views

CVE-2022-39289 Database log access in ZoneMinder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised to upgrade as soon as...

CVSS 9.1 | AI score 9.3 | EPSS 0.00754
Exploits 1 | References 2
CVE | added 2022/10/07 12:0 a.m. | 352 views

CVE-2022-39289

ZoneMinder (zoneMinder API) is affected by CVE-2022-39289: the API exposes database log contents to users without privileges, enabling insertion, modification, and deletion of logs without System Privileges. This results in information disclosure and potential log tampering. The root cause is imp...

CVSS 9.1 | AI score 7.5 | EPSS 0.00754
Exploits 1 | References 2 | Affected Software 1
Vulnrichment | added 2022/10/07 12:0 a.m. | 6 views

CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

CVSS 7.6 | AI score 7.2 | EPSS 0.03689
Exploits 4 | References 4
CNNVD | added 2022/10/07 12:0 a.m. | 5 views

ZoneMinder information disclosure vulnerability

ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, etc. ZoneMinder is vulnerable to an information disclosure vulnerability that stems from the ZoneMinder API exposing database log content to users without permissions, allowing logs t...

CVSS 9.1 | AI score 6.2 | EPSS 0.00754
Exploits 1 | References 3
Cvelist | added 2022/10/07 12:0 a.m. | 13 views

CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

CVSS 7.6 | AI score 7.4 | EPSS 0.03689
Exploits 4 | References 4
Cvelist | added 2022/10/07 12:0 a.m. | 28 views

CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...

CVSS 8 | AI score 8 | EPSS 0.05444
Exploits 4 | References 3
Cvelist | added 2022/10/07 12:0 a.m. | 27 views

CVE-2022-39291 Denial of service through logs in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

CVSS 5.4 | AI score 5.9 | EPSS 0.05052
Exploits 4 | References 6
Vulnrichment | added 2022/10/07 12:0 a.m. | 7 views

CVE-2022-39291 Denial of service through logs in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

CVSS 5.4 | AI score 5.6 | EPSS 0.05052
Exploits 4 | References 6
Vulnrichment | added 2022/10/07 12:0 a.m. | 5 views

CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...

CVSS 8 | AI score 8 | EPSS 0.05444
Exploits 4 | References 3
CVE | added 2022/10/07 12:0 a.m. | 87 views

CVE-2022-39285

ZoneMinder (Zones: ZoneMinder) is affected by CVE-2022-39285. The vulnerability is a stored XSS in the file parameter that allows code injection when a user views a log on the view=log page, by manipulating the log HTML (backing out of tr/td brackets). Root cause: insufficient input validation ...

CVSS 7.6 | AI score 5.8 | EPSS 0.03689
Exploits 4 | References 4 | Affected Software 1
Vulnrichment | added 2022/10/07 12:0 a.m. | 6 views

CVE-2022-39289 Database log access in ZoneMinder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised to upgrade as soon as...

CVSS 9.1 | AI score 9.3 | EPSS 0.00754
Exploits 1 | References 2
CVE | added 2022/10/07 12:0 a.m. | 89 views

CVE-2022-39291

CVE-2022-39291 affects ZoneMinder. A vulnerability allows users with View system permissions to inject data into Zoneminder logs via an HTTP POST to /zm/index.php, with no rate limiting, potentially impacting database performance or exhausting storage. It is a network-accessible/vectored issue wi...

CVSS 5.4 | AI score 5.5 | EPSS 0.05052
Exploits 4 | References 6 | Affected Software 1
CVE | added 2022/10/07 12:0 a.m. | 99 views

CVE-2022-39290

ZoneMinder CVE-2022-39290 enables CSRF token bypass by altering requests to the Zoneminder web app, notably replacing HTTP POST with GET and omitting the CSRF key. This allows an authenticated user’s actions to be executed without CSRF protection, potentially leading to unintended actions on the ...

CVSS 8 | AI score 6.6 | EPSS 0.05444
Exploits 4 | References 3 | Affected Software 1
CNNVD | added 2022/10/07 12:0 a.m. | 6 views

ZoneMinder cross-site scripting vulnerability

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. ZoneMinder has a cross-site scripting vulnerability, which stems from a lack of input validation and can be exploited by attackers to execute code...

CVSS 7.6 | AI score 6.4 | EPSS 0.03689
Exploits 4 | References 5
AlpineLinux | added 2022/10/07 12:0 a.m. | 49 views

CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

CVSS 7.6 | AI score 5.7 | EPSS 0.03689
Exploits 4
AlpineLinux | added 2022/10/07 12:0 a.m. | 49 views

CVE-2022-39289

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised to upgrade as soon as...

CVSS 9.1 | AI score 7.6 | EPSS 0.00754
Exploits 1
AlpineLinux | added 2022/10/07 12:0 a.m. | 52 views

CVE-2022-39290

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...

CVSS 8 | AI score 6.7 | EPSS 0.05444
Exploits 4
AlpineLinux | added 2022/10/07 12:0 a.m. | 44 views

CVE-2022-39291

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

CVSS 5.4 | AI score 5.6 | EPSS 0.05052
Exploits 4
CNNVD | added 2022/10/07 12:0 a.m. | 5 views

ZoneMinder input validation error vulnerability

ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras, etc. ZoneMinder has an input validation error vulnerability, which stems from allowing a user with view system privileges to inject new data in...

CVSS 5.4 | AI score 6.6 | EPSS 0.05052
Exploits 4 | References 9
CNNVD | added 2022/10/07 12:0 a.m. | 5 views

ZoneMinder authorization issue vulnerability

ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...

CVSS 8 | AI score 6.7 | EPSS 0.05444
Exploits 4 | References 4