1264 matches found
CVE-2019-8424
CVE-2019-8424 affects ZoneMinder before 1.32.3. It is a SQL Injection via the ajax/status.php sort parameter, potentially enabling unauthenticated remote attackers to manipulate queries. CVSS v3 base score 9.8 (CRITICAL) / NETWORK, LOW complexity, no user interaction. Remediation: upgrade ZoneMin...
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters...
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8427
ZoneMinder contains a command-injection flaw in daemonControl (includes/functions.php) exploitable via shell metacharacters. Affected versions are prior to 1.32.3. The CVE entry (CVE-2019-8427) is supported by multiple sources indicating the vulnerability resides in ZoneMinder before 1.32.3, enab...
CVE-2019-8428
CVE-2019-8428 affects ZoneMinder before 1.32.3. The vulnerability is a SQL Injection in the skins/classic/views/control.php file via the groupSql parameter (demonstrated by a newGroup[MonitorIds][] value). Impact is partial to data confidentiality, integrity, and availability with a network attac...
CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter...
CVE-2019-8423
CVE-2019-8423 affects ZoneMinder up to version 1.32.3. The vulnerability is an SQL injection in the skins/classic/views/events.php file, triggered by the filter[Query][terms][0][cnj] parameter. The root cause is unsafely handled user input leading to database query manipulation. Documented impact...
CVE-2019-8426
ZoneMinder before 1.32.3 is affected by a cross-site scripting (XSS) vulnerability in skins/classic/views/controlcap.php via the newControl array, demonstrated by newControl[MinTiltRange]. Exploitation would occur in the browser of a user who visits a page that processes this parameter. The issue...
CVE-2019-8425
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages...
CVE-2019-8428
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value...
CVE-2019-8425
ZoneMinder contains a cross-site scripting (XSS) vulnerability in the SQL-ERR message construction within includes/database.php for versions prior to 1.32.3. The issue arises from how error messages are generated, allowing injected script in the browser of an affected user. Affected product: Zone...