1264 matches found
CVE-2022-39289
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System Privileges. Users are advised to upgrade as soon as...
PT-2022-24872 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder (affected versions not specified). Description: The issue concerns the ZoneMinder API, which exposes database log contents to users without privileges. It also allows for the insertion, modification, and deletion of logs without syste...
CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross-site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2022-39289
ZoneMinder (zoneMinder API) is affected by CVE-2022-39289: the API exposes database log contents to users without privileges, enabling insertion, modification, and deletion of logs without System Privileges. This results in information disclosure and potential log tampering. The root cause is imp...
CVE-2022-39290
ZoneMinder CVE-2022-39290 enables CSRF token bypass by altering requests to the Zoneminder web app, notably replacing HTTP POST with GET and omitting the CSRF key. This allows an authenticated user’s actions to be executed without CSRF protection, potentially leading to unintended actions on the ...
CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2022-39291 Denial of service through logs in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...
CVE-2022-39289 Database log access in ZoneMinder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System Privileges. Users are advised to upgrade as soon as...
ZoneMinder Information Disclosure Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, etc. ZoneMinder is vulnerable to an information disclosure vulnerability that stems from the ZoneMinder API exposing database log content to users without permissions, allowing logs t...
ZoneMinder Authorization Issue Vulnerability
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...
CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
The vulnerability of the ZoneMinder video surveillance software lies in its lack of measures to protect website structures, allowing attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the ZoneMinder video surveillance software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
PT-2022-12: Post-authentication command injection in ZoneMinder
The vulnerability was identified in ZoneMinder versions up to 1.36.14. The «Path Traversal» vulnerability allows a remote attacker to execute arbitrary code on the host running the software. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 27.05.2022. Recommendations:...
PT-2022-13: Stored Cross-Site Scripting (Stored XSS) in ZoneMinder
The vulnerability was identified in ZoneMinder versions up to 1.36.14. The «Stored XSS» vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 27.05.2022. Recommendations: Update to version...
CVE-2022-1726
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
ZoneMinder Language Settings Remote Code Execution Exploit
This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11. This module requires Metasploit:...
ZoneMinder Language Settings Remote Code Execution
This module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11. Module Options msf use exploit/unix/webapp/zoneminderlangexec...
ZoneMinder Language Settings Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Language Settings Remote Code Execution', 'Description' = %q This module exploits arbitrary file write in debug log file option chaine...
Remote Code Execution (RCE)
ZoneMinder is vulnerable to remote code execution. An attacker is able to inject maliciously crafted script via an invalid language...
ZoneMinder Remote Code Execution Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A remote code execution vulnerability exists in versions prior to ZoneMinder 1.36.13, which can be exploited by attackers to cause arbitrary code execution...