Lucene search
K

7 matches found

OSV
OSV
added 2023/02/25 2:15 a.m.4 views

DEBIAN-CVE-2023-26036

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file...

9.8CVSS8.2AI score0.00897EPSS
Exploits1References1
OSV
OSV
added 2023/02/25 2:15 a.m.1 views

DEBIAN-CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

9.8CVSS9AI score0.80462EPSS
Exploits11References1
OSV
OSV
added 2023/02/25 2:15 a.m.3 views

UBUNTU-CVE-2023-26036

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file...

9.8CVSS7.2AI score0.00897EPSS
Exploits1References3
OSV
OSV
added 2023/02/25 2:15 a.m.4 views

UBUNTU-CVE-2023-26039

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

8.8CVSS7.3AI score0.01246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/25 1:31 a.m.6 views

CVE-2023-26039 ZoneMinder vulnerable to OS Command injection in daemonControl() API

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

7.1CVSS8.2AI score0.01246EPSS
Exploits0References1
OSV
OSV
added 2023/02/25 1:15 a.m.3 views

DEBIAN-CVE-2023-26034

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

8.8CVSS9.6AI score0.01579EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/02/25 12:0 a.m.4 views

PT-2023-20435 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 and 1.37.33 Description: The issue concerns SQL Injection via a malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could...

9.8CVSS8.3AI score0.80462EPSS
Exploits28References48
Rows per page
Query Builder