8 matches found
CVE-2019-7347
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.)...
CVE-2019-7338
Self-Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration...
EUVD-2019-16890
Malware in sbrugna...
CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter...
CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...
CVE-2008-3880
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter...
CVE-2008-1381
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL...