1264 matches found
CVE-2022-39289 Database log access in ZoneMinder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as...
CVE-2022-39289
ZoneMinder (zoneMinder API) is affected by CVE-2022-39289: the API exposes database log contents to users without privileges, enabling insertion, modification, and deletion of logs without System Privileges. This results in information disclosure and potential log tampering. The root cause is imp...
CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
ZoneMinder 信息泄露漏洞
ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, etc. ZoneMinder is vulnerable to an information disclosure vulnerability that stems from the ZoneMinder API exposing database log content to users without permissions, allowing logs t...
CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2022-39291 Denial of service through logs in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...
CVE-2022-39291 Denial of service through logs in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...
CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2022-39285
ZoneMinder ( Zones: ZoneMinder ) is affected by CVE-2022-39285. The vulnerability is a stored XSS in the file parameter that allows code injection when a user views a log on the view=log page, by manipulating the log HTML (backing out of tr/td brackets). root cause: insufficient input validation ...
CVE-2022-39289 Database log access in ZoneMinder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as...
CVE-2022-39291
CVE-2022-39291 affects ZoneMinder. A vulnerability allows users with View system permissions to inject data into Zoneminder logs via an HTTP POST to /zm/index.php, with no rate limiting, potentially impacting database performance or exhausting storage. It is a network-accessible/vectored issue wi...
CVE-2022-39290
ZoneMinder CVE-2022-39290 enables CSRF token bypass by altering requests to the Zoneminder web app, notably replacing HTTP POST with GET and omitting the CSRF key. This allows an authenticated user’s actions to be executed without CSRF protection, potentially leading to unintended actions on the ...
ZoneMinder 跨站脚本漏洞
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. ZoneMinder has a cross-site scripting vulnerability, which stems from a lack of input validation and can be exploited by attackers to execute code...
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2022-39289
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as...
CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2022-39291
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...
ZoneMinder 输入验证错误漏洞
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. ZoneMinder has an input validation error vulnerability, which stems from allowing a user with view system privileges to inject new data in...
ZoneMinder 授权问题漏洞
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...