14 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-26035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33...
ZoneMinder Snapshots Remote Code Execution
import re import requests from bs4 import BeautifulSoup import argparse import base64 Exploit Title: Unauthenticated RCE in ZoneMinder Snapshots Date: 12 December 2023 Discovered by : @Unblvr1 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://zoneminder.com/ Software Link:...
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
import re import requests from bs4 import BeautifulSoup import argparse import base64 Exploit Title: Unauthenticated RCE in ZoneMinder Snapshots Date: 12 December 2023 Discovered by : @Unblvr1 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://zoneminder.com/ Software Link:...
Exploit for Missing Authorization in Zoneminder
Exploit - ZoneMinder CVE-2023-26035 There is a Unauthentica...
Exploit for Missing Authorization in Zoneminder
CVE-2023-26035 ZoneMinder Snapshots - Unauthenticated !image...
Exploit for Missing Authorization in Zoneminder
POC for CVE-2023-26035 Works for ZoneMinder Versions prior...
Exploit for Missing Authorization in Zoneminder
Zoneminder Unauthenticated RCE via Snapshots CVE-2023-26035...
Exploit for Missing Authorization in Zoneminder
CVE-2023-26035 Unauthenticated RCE in ZoneMinder Snapshots - P...
ZoneMinder Snapshots Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Snapshots Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in zoneminder that can be...
ZoneMinder Snapshots Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection in zoneminder that can be exploited by appending a command to an action of the snapshot view. Versions prior to 1.36.33 and 1.37.33 are affected. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2023-26035
creationtimestamp| type| source ---|---|--- 2023-11-10 20:44:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/zonemindersnapshots.rb 2023-12-11 20:34:28+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6140 2023-12-12...
CVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...
CVE-2023-26035
ZoneMinder Snapshots (CVE-2023-26035) affects ZoneMinder prior to 1.36.33 and 1.37.33. The vulnerability is an Unauthenticated Remote Code Execution due to missing authorization in the snapshot action, where an attacker can craft the snapshot request to trigger shell_exec with a supplied id. Impa...
CVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...