3 matches found
Sql injection
SQL injection vulnerability in zmhtmlviewevent.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter...
CVE-2008-3881
Multiple cross-site scripting XSS vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zmhtmlview.php" files...
CVE-2008-3882
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via 1 the executeFilter function in zmhtmlviewevents.php and 2 the runstate parameter to zmhtmlviewstate.php...