CRITICAL9.8CVE-2025-65791ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. from 0
CRITICAL9.8CVE-2024-43360ZoneMinder is a free, open source closed-circuit television software application. from 0
CRITICAL9.8CVE-2023-26037ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. from 0
CRITICAL9.8ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
from 0
CRITICAL9.8ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
from 0
CRITICAL9.8ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
from 0
CRITICAL9.8ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
from 0
CRITICAL9.8ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[Monito…
from 0, < 1.34.6-1
CRITICAL9.8daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
from 0
CRITICAL9.8ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
from 0, < 1.34.6-1
CRITICAL9.8ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
from 0
CRITICAL9.8A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, al…
from 0, < 1.32.3-2
CRITICAL9.8ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confident…
from 0, < 1.32.3-2
CRITICAL9.8ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confident…
from 0, < 1.32.3-2
CRITICAL9.8SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit paramete…
from 0, < 1.30.4+dfsg-1
HIGH8.8ZoneMinder is a free, open source closed-circuit television software application.
from 0
HIGH8.8ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
from 0
HIGH8.8ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
from 0
HIGH8.8A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try agai…
from 0, < 1.34.6-1
HIGH8.8Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of user…
from 0, < 1.30.4+dfsg-1
HIGH8.8ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a r…
from 0, < 1.30.4+dfsg-1
HIGH8.2Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate pri…
from 0, < 1.34.21-1
HIGH8.1ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
from 0
HIGH7.5ZoneMinder is a free, open source Closed-circuit television software application.
from 0
HIGH7.5A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated us…
from 0, < 1.34.6-1
HIGH7.5zoneminder - security update
from 0, < 1.25.0-4+deb7u1
HIGH7.5zoneminder - security update
from 0, < 1.30.4+dfsg-1
HIGH7.3Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby…
from 0
HIGH7.3Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.
from 0, < 1.30.4+dfsg-1
MEDIUM6.8Cross-site Scripting in bootstrap-table
from 0
MEDIUM6.6RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while ex…
from 0
MEDIUM6.5ZoneMinder is a free, open source Closed-circuit television software application.
from 0
MEDIUM6.5ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
from 0
MEDIUM6.5ZoneMinder is a free, open source Closed-circuit television software application.
from 0
MEDIUM6.5Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn wi…
from 0
MEDIUM6.1ZoneMinder is a free, open source closed-circuit television software application.
from 0
MEDIUM6.1ZoneMinder is a free, open source closed-circuit television software application.
from 0
MEDIUM6.1ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
from 0
MEDIUM6.1ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
from 0, < 1.34.21-1
MEDIUM6.1skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltR…
from 0, < 1.34.6-1
MEDIUM6.1includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
from 0
MEDIUM6.1Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul…
from 0, < 1.34.6-1
MEDIUM6.1Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a…
from 0, < 1.34.6-1
MEDIUM6.1Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insec…
from 0, < 1.34.6-1
MEDIUM6.1Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a v…
from 0, < 1.34.6-1
MEDIUM6.1POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulner…
from 0, < 1.34.6-1
MEDIUM6.1Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a v…
from 0, < 1.34.6-1
MEDIUM6.1POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulner…
from 0, < 1.34.6-1
MEDIUM6.1POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulner…
from 0, < 1.34.6-1
MEDIUM6.1Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it in…
from 0, < 1.34.6-1
MEDIUM6.1Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from…
from 0, < 1.34.6-1
MEDIUM6.1Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it inse…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul…
from 0, < 1.34.6-1
MEDIUM6.1Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check co…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul…
from 0, < 1.34.6-1
MEDIUM6.1Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a…
from 0, < 1.34.6-1
MEDIUM6.1Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utiliz…
from 0, < 1.34.6-1
MEDIUM6.1A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or J…
from 0, < 1.32.3-2
MEDIUM6.1An issue was discovered in ZoneMinder v1.32.3.
from 0, < 1.32.3-2
MEDIUM6.1A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2.
from 0, < 1.30.4+dfsg-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via…
from 0, < 1.30.4+dfsg-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via…
from 0, < 1.30.4+dfsg-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via…
from 0, < 1.30.4+dfsg-1
MEDIUM6.1Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV serve…
from 0, < 1.30.4+dfsg-1
MEDIUM5.5zoneminder - security update
from 0, < 1.30.4+dfsg-1
MEDIUM5.5zoneminder - security update
from 0, < 1.25.0-4+deb7u2
MEDIUM5.4A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username fiel…
from 0
MEDIUM5.4ZoneMinder is a free, open source Closed-circuit television software application.
from 0
MEDIUM5.4ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting…
from 0
MEDIUM5.4Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browse…
from 0, < 1.34.6-1
MEDIUM5.4A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScr…
from 0, < 1.32.3-2
MEDIUM4.8Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation…
from 0, < 1.34.6-1
MEDIUM4.8Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit pa…
from 0, < 1.34.6-1
MEDIUM4.6Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.
from 0
—Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a ..
from 0, < 1.25.0-1
—zoneminder - several issues
from 0, < 1.24.2-8+squeeze1
—zoneminder - several issues
from 0, < 1.25.0-4
—ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and pass…
from 0, < 1.22.3-5
—ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes…
from 0, < 1.24.1-1
—Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1…
from 0, < 1.24.1-1
—Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script…
from 0, < 1.24.1-1
—SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL com…
from 0, < 1.24.1-1
—zoneminder - arbitrary code execution
from 0, < 1.23.2-2+lenny1
—zoneminder - arbitrary code execution
from 0, < 1.23.3-1
—Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.
from 0, < 1.22.3-1