oval:org.secpod.oval:def:112033
zoneminder is installed

oval:org.secpod.oval:def:1900016
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.

oval:org.secpod.oval:def:1800600
CVE-2017-5595: File disclosure due to unfiltered user-input. Affects v1.30 and v1.29

oval:org.secpod.oval:def:1800601
zoneminder is installed

oval:org.secpod.oval:def:600991
Multiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0232 Brendan Coles discovered that zoneminder is prone to an arbitrary command execution vulne ...

oval:org.secpod.oval:def:601543
zoneminder is installed

oval:org.secpod.oval:def:1900020
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

oval:org.secpod.oval:def:1900021
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.

oval:org.secpod.oval:def:1900022
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

oval:org.secpod.oval:def:1900029
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

oval:org.secpod.oval:def:1900003
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

oval:org.secpod.oval:def:1900015
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

oval:org.secpod.oval:def:1900420
A Cross-Site Scripting was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in ...

oval:org.secpod.oval:def:1900348
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files in the context of the web server user. The attack vector is a .. ...

oval:org.secpod.oval:def:1900494
Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.

oval:org.secpod.oval:def:112036
ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras you have attached to a Linux based machine. It is designed to run on kernels which support the Video For Linux interface and has been tested with cam ...

oval:org.secpod.oval:def:112032
ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras you have attached to a Linux based machine. It is designed to run on kernels which support the Video For Linux interface and has been tested with cam ...

oval:org.secpod.oval:def:1900547
Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.

oval:org.secpod.oval:def:1900559
Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.

oval:org.secpod.oval:def:1900563
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.

oval:org.secpod.oval:def:1900575
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.

oval:org.secpod.oval:def:1900572
Cross-site request forgery vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

oval:org.secpod.oval:def:1900872
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV i ...

oval:org.secpod.oval:def:1900990
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admi ...