51 matches found
Exploit for CVE-2024-51482
Security Research: Multi-Stage Exploitation of Web-Based Surve...
UBUNTU-CVE-2026-27470
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...
CVE-2026-27470
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...
Linux Distros Unpatched Vulnerability : CVE-2026-27470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a...
CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...
CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...
CVE-2025-65791
CVE-2025-65791 affects ZoneMinder v1.36.34. Public sources describe a Command Injection in web/views/image.php where unsanitized user input is passed to PHP’s exec() function. The supplier disputes presence of unsanitized input in that file. Connected documents confirm the issue but do not provid...
Linux Distros Unpatched Vulnerability : CVE-2019-7348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username'...
Linux Distros Unpatched Vulnerability : CVE-2019-13072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who...
Linux Distros Unpatched Vulnerability : CVE-2024-51482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in...
Linux Distros Unpatched Vulnerability : CVE-2018-1000832
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder version = 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of...
Linux Distros Unpatched Vulnerability : CVE-2020-25730
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21 allows remote attackers to execute arbitrary code, escalate privileges, and obtain...
Linux Distros Unpatched Vulnerability : CVE-2019-7339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter...
Linux Distros Unpatched Vulnerability : CVE-2019-8424
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. CVE-2019-8424 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2019-7350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim...
Linux Distros Unpatched Vulnerability : CVE-2019-8425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. CVE-2019-8425 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2019-7336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view monitorfilters.php takes in input from the user and saves it in...
Linux Distros Unpatched Vulnerability : CVE-2022-30769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. CVE-2022-30769 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2019-8426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControlMinTiltRange parameter...
UBUNTU-CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...