9 matches found
Exploit for Path Traversal in Zoneminder
CVE-2022-29806 ZoneMinder up to 1.36.12 Language privilege esc...
Linux Distros Unpatched Vulnerability : CVE-2022-29806
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to...
Ubuntu 16.04 ESM / 20.04 ESM / 22.04 ESM : ZoneMinder vulnerabilities (USN-5889-1)
The remote Ubuntu 16.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5889-1 advisory. It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use th...
USN-5889-1: ZoneMinder vulnerabilities
It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting XSS attack. This issue was only fixed in Ubuntu 16.04 ESM. CVE-2019-6777 It was discovered that ZoneMinder was not properly...
ZoneMinder Language Settings Remote Code Execution Exploit
This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 This module requires Metasploit:...
CVE-2022-29806
creationtimestamp| type| source ---|---|--- 2022-04-26 07:50:55+00:00| seen| https://t.me/cibsecurity/41422 2022-05-04 22:56:15+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/zoneminderlangexec.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2022-29806
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...
CVE-2022-29806
CVE-2022-29806 affects ZoneMinder prior to 1.36.13 (and 1.37.11). A path-traversal flaw combined with an arbitrary log file write in the language/debug log path allows attackers to write and execute arbitrary code, enabling remote command execution. There is public exploitation evidence (GitHub e...
Web Servers Malicious HTTP Request Directory Traversal (CVE-2005-3299; CVE-2014-7174; CVE-2022-1476; CVE-2022-29806)
There exists a directory traversal vulnerability On different web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the parameters in request body for the directory traversal patterns. Successful exploitation allows unauthenticated remo...