Lucene search
K

38 matches found

NVD
NVD
added 2023/02/25 2:15 a.m.28 views

CVE-2023-26038

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

6.5CVSS5.8AI score0.0051EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/02/25 2:15 a.m.52 views

CVE-2023-26037

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

9.8CVSS7.3AI score0.00607EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/02/25 2:15 a.m.100 views

CVE-2023-26039

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

8.8CVSS7.3AI score0.01246EPSS
Exploits0References2
Prion
Prion
added 2023/02/25 2:15 a.m.12 views

Design/Logic Flaw

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

6.4CVSS6.3AI score0.0051EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/02/25 2:15 a.m.31 views

Remote code execution

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

7.5CVSS9.2AI score0.80462EPSS
Exploits11References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/02/25 2:15 a.m.33 views

CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

9.8CVSS7.2AI score0.80462EPSS
Exploits11References2
Prion
Prion
added 2023/02/25 2:15 a.m.21 views

Sql injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

7.5CVSS9.4AI score0.00607EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2023/02/25 1:31 a.m.44 views

CVE-2023-26039

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

8.8CVSS8.8AI score0.01246EPSS
Exploits0
OSV
OSV
added 2023/02/25 1:27 a.m.21 views

CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

5.4CVSS6.7AI score0.0051EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/02/25 1:27 a.m.44 views

CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

5.4CVSS6.8AI score0.0051EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2023/02/25 1:27 a.m.18 views

CVE-2023-26038

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

6.5CVSS3.3AI score0.0051EPSS
Exploits1
CVE
CVE
added 2023/02/25 1:27 a.m.58 views

CVE-2023-26038

ZoneMinder (Linux) is affected by a Local File Inclusion via web/ajax/modal.php. An arbitrary PHP file path can be passed and loaded in versions before 1.36.33 and 1.37.33; the issue is patched in 1.36.33 and 1.37.33. Exploitation details are not provided in the supplied documents.

6.5CVSS5.8AI score0.0051EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/02/25 1:18 a.m.56 views

CVE-2023-26037

ZoneMinder for Linux versions prior to 1.36.33 and 1.37.33 contain an SQL Injection vulnerability where minTime and maxTime are not properly validated, allowing arbitrary SQL execution. The issue is fixed in 1.36.33 and 1.37.33. Remediation: upgrade to these fixed versions or apply vendor-provide...

9.8CVSS9.3AI score0.00607EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/02/25 1:18 a.m.37 views

CVE-2023-26037 ZoneMinder contains SQL Injection via report_event_audit

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

8.9CVSS9.7AI score0.00607EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/02/25 1:18 a.m.24 views

CVE-2023-26037

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute...

9.8CVSS9.7AI score0.00607EPSS
Exploits0
NVD
NVD
added 2023/02/25 1:15 a.m.36 views

CVE-2023-26032

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL...

8.9CVSS9AI score0.0062EPSS
Exploits0References1
NVD
NVD
added 2023/02/25 1:15 a.m.27 views

CVE-2023-26034

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

9.6CVSS9.9AI score0.01579EPSS
Exploits1References1
Prion
Prion
added 2023/02/25 1:15 a.m.21 views

Sql injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

6.5CVSS9.2AI score0.01579EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/02/25 1:15 a.m.39 views

CVE-2023-26034

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

9.6CVSS7.7AI score0.01579EPSS
Exploits1References2
Prion
Prion
added 2023/02/25 1:15 a.m.20 views

Sql injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL...

5.1CVSS8.2AI score0.0062EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder