8 matches found
CVE-2022-39291
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...
Zoneminder Log Injection / XSS / Cross Site Request Forgery
Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit
Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 Writeup:...
CVE-2022-39291
creationtimestamp| type| source ---|---|--- 2023-03-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51071...
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...
ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities
ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...
CVE-2022-39291 Denial of service through logs in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...
CVE-2022-39291
CVE-2022-39291 affects ZoneMinder. A vulnerability allows users with View system permissions to inject data into Zoneminder logs via an HTTP POST to /zm/index.php, with no rate limiting, potentially impacting database performance or exhausting storage. It is a network-accessible/vectored issue wi...