1264 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-43360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This...
Linux Distros Unpatched Vulnerability : CVE-2023-26032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33...
Linux Distros Unpatched Vulnerability : CVE-2022-39290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the...
Linux Distros Unpatched Vulnerability : CVE-2023-26038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33...
SQL Injection
ZoneMinder is vulnerable to SQL Injection. The vulnerability is due to unsanitized parameters being directly passed to an SQL query in WWW/AJAX/watch.php, and attackers can exploit this to execute arbitrary SQL commands on the database...
CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2022-39289
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised to upgrade as soon as...
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2024-43360
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61...
PT-2026-20460
Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.36.34. Description: ZoneMinder version 1.36.34 contains a command injection flaw in the 'web/views/image.php' file. The application directly passes unsanitized user input to the exec function, potentially allowing for...
A vulnerability exists in the web/ajax/event.php module of the ZoneMinder video surveillance software, which allows an intruder to execute arbitrary code.
The vulnerability in the web/ajax/event.php module of the ZoneMinder video surveillance software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially crafted SQL query...
ZoneMinder 1.37.* < 1.37.65 SQLi Vulnerability
ZoneMinder is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder...
CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...
CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...
CVE-2024-51482 Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...
CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...
CVE-2024-51482 Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...
CVE-2024-51482 Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...
CVE-2024-51482
CVE-2024-51482 affects ZoneMinder v1.37.* up to and including 1.37.64. The vulnerability is a boolean-based SQL Injection in the web/ajax/event.php endpoint, enabling unauthorized access to sensitive data. A fix is available in ZoneMinder 1.37.65. Connected documents corroborate the SQLi claim an...
PT-2024-7538
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions 1.37.* through 1.37.64. Description: The issue is related to a boolean-based SQL injection vulnerability in the web/ajax/event.php function of ZoneMinder. This vulnerability arises from a lack of input validation for the tagId...