Vulnerabilities > Zoneminder > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-25 CVE-2023-26039 OS Command Injection vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-78
8.8
8.8
2023-02-25 CVE-2023-26032 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
high complexity
zoneminder CWE-89
8.1
8.1
2023-02-25 CVE-2023-26034 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-89
8.8
8.8
2022-10-07 CVE-2022-39289 Missing Authorization vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application.
network
low complexity
zoneminder CWE-862
7.5
7.5
2022-04-26 CVE-2022-29806 Path Traversal vulnerability in Zoneminder
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
network
low complexity
zoneminder CWE-22
7.5
7.5
2019-02-18 CVE-2019-8429 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
network
low complexity
zoneminder CWE-89
7.5
7.5
2019-02-18 CVE-2019-8428 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
network
low complexity
zoneminder CWE-89
7.5
7.5
2019-02-18 CVE-2019-8427 OS Command Injection vulnerability in Zoneminder
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
network
low complexity
zoneminder CWE-78
7.5
7.5
2019-02-18 CVE-2019-8424 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
network
low complexity
zoneminder CWE-89
7.5
7.5
2019-02-18 CVE-2019-8423 SQL Injection vulnerability in Zoneminder
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
network
low complexity
zoneminder CWE-89
7.5
7.5