Vulnerabilities > Zoneminder > Zoneminder > 0.9.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-02 | CVE-2008-3882 | Code Injection vulnerability in Zoneminder Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. | 10.0 |
| 2008-09-02 | CVE-2008-3881 | Cross-Site Scripting vulnerability in Zoneminder Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files. | 4.3 |
| 2008-09-02 | CVE-2008-3880 | SQL Injection vulnerability in Zoneminder SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | 7.5 |
| 2008-05-01 | CVE-2008-1381 | Code Injection vulnerability in Zoneminder ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL. | 7.5 |