Vulnerabilities > Zoneminder > High

DATE CVE VULNERABILITY TITLE RISK
2019-01-28 CVE-2019-6991 Out-of-bounds Write vulnerability in Zoneminder
A classic stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.
network
low complexity
zoneminder CWE-787
7.5
2018-12-20 CVE-2018-1000833 Deserialization of Untrusted Data vulnerability in Zoneminder
ZoneMinder version <= 1.32.2 contains an Other/Unknown vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, and remote code execution.
network
low complexity
zoneminder CWE-502
7.5
2017-03-03 CVE-2016-10205 Session Fixation vulnerability in Zoneminder
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.
network
low complexity
zoneminder CWE-384
7.5
2017-03-03 CVE-2016-10204 SQL Injection vulnerability in Zoneminder
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
network
low complexity
zoneminder CWE-89
7.5
2013-03-20 CVE-2013-0232 Unspecified vulnerability in Zoneminder
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.
network
low complexity
zoneminder
7.5
2008-09-02 CVE-2008-3880 SQL Injection vulnerability in Zoneminder
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.
network
low complexity
zoneminder CWE-89
7.5
2008-05-01 CVE-2008-1381 Code Injection vulnerability in Zoneminder
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
network
low complexity
zoneminder CWE-94
7.5