Lucene search
+L

9 matches found

GithubExploit
GithubExploit
added 2025/04/28 3:20 p.m.173 views

Exploit for Path Traversal in Zoneminder

CVE-2022-29806 ZoneMinder up to 1.36.12 Language privilege esc...

9.8CVSS8.6AI score0.67128EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-29806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to...

9.8CVSS9.1AI score0.67128EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2023/02/28 12:0 a.m.48 views

Ubuntu 16.04 ESM / 20.04 ESM / 22.04 ESM : ZoneMinder vulnerabilities (USN-5889-1)

The remote Ubuntu 16.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5889-1 advisory. It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use th...

9.8CVSS7.3AI score0.67128EPSS
Exploits18References14
Ubuntu
Ubuntu
added 2023/02/27 11:46 a.m.81 views

USN-5889-1: ZoneMinder vulnerabilities

It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting XSS attack. This issue was only fixed in Ubuntu 16.04 ESM. CVE-2019-6777 It was discovered that ZoneMinder was not properly...

9.8CVSS7.2AI score0.67128EPSS
Exploits18
0day.today
0day.today
added 2022/05/06 12:0 a.m.363 views

ZoneMinder Language Settings Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 This module requires Metasploit:...

9.8CVSS9.8AI score0.67128EPSS
Exploits6
Circl
Circl
added 2022/04/26 7:50 a.m.24 views

CVE-2022-29806

creationtimestamp| type| source ---|---|--- 2022-04-26 07:50:55+00:00| seen| https://t.me/cibsecurity/41422 2022-05-04 22:56:15+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/zoneminderlangexec.rb 2025-02-06 03:13:45+00:00| seen|...

9.8CVSS8.5AI score0.67128EPSS
Exploits6References3
AlpineLinux
AlpineLinux
added 2022/04/26 4:15 a.m.55 views

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

9.8CVSS5.2AI score0.67128EPSS
Exploits6
CVE
CVE
added 2022/04/26 3:15 a.m.178 views

CVE-2022-29806

CVE-2022-29806 affects ZoneMinder prior to 1.36.13 (and 1.37.11). A path-traversal flaw combined with an arbitrary log file write in the language/debug log path allows attackers to write and execute arbitrary code, enabling remote command execution. There is public exploitation evidence (GitHub e...

9.8CVSS9.6AI score0.67128EPSS
Exploits6References5Affected Software1
Check Point Advisories
Check Point Advisories
added 2013/08/12 12:0 a.m.145 views

Web Servers Malicious HTTP Request Directory Traversal (CVE-2005-3299; CVE-2014-7174; CVE-2022-1476; CVE-2022-29806)

There exists a directory traversal vulnerability On different web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the parameters in request body for the directory traversal patterns. Successful exploitation allows unauthenticated remo...

7.5CVSS7.5AI score0.67128EPSS
Exploits7
Rows per page
Query Builder