Vulnerabilities for 'Zoneminder'

2020-09-17
 
CVE-2020-25729

CWE-79
 

 
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

 
2019-06-29
 
CVE-2019-13072

CWE-79
 

 
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.

 
2019-02-17
 
CVE-2019-8429

CWE-89
 

 
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.

 
 
CVE-2019-8428

CWE-89
 

 
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

 
 
CVE-2019-8427

CWE-77
 

 
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.

 
 
CVE-2019-8426

CWE-79
 

 
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

 
 
CVE-2019-8425

CWE-79
 

 
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

 
 
CVE-2019-8424

CWE-89
 

 
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

 
 
CVE-2019-8423

CWE-89
 

 
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

 
2019-02-04
 
CVE-2019-7352

CWE-79
 

 
Self-Stored Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) performs no input validation on the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.

 


Copyright 2024, cxsecurity.com

 
