Show filters
83 Total Results
Displaying 61-70 of 83
Sort by:
Attacker Value
Unknown

CVE-2019-6777

Disclosure Date: January 24, 2019 (last updated November 27, 2024)
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
0
0
Attacker Value
Unknown

CVE-2018-1000833

Disclosure Date: December 20, 2018 (last updated November 27, 2024)
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
0
0
Attacker Value
Unknown

CVE-2018-1000832

Disclosure Date: December 20, 2018 (last updated November 27, 2024)
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
0
0
Attacker Value
Unknown

CVE-2017-7203

Disclosure Date: March 21, 2017 (last updated November 26, 2024)
A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
0
0
Attacker Value
Unknown

CVE-2016-10204

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
0
0
Attacker Value
Unknown

CVE-2016-10201

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
0
0
Attacker Value
Unknown

CVE-2016-10205

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.
0
0
Attacker Value
Unknown

CVE-2016-10202

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
0
0
Attacker Value
Unknown

CVE-2016-10206

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.
0
0
Attacker Value
Unknown

CVE-2016-10203

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
0
0
View More Topics  < Previous  Next >