ZoneMinder Vulnerability List
16 vulnerabilities related to ZoneMinder found
-
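ZoneMinder /zm/index.php watch SQL Injection Vulnerability (CVE-2024-43360) No POC
ZoneMinder is a free, open source closed-circuit television software application that supports IP, USB and analog cameras. In affected versions, the sort parameter in /zm/index.php is vulnerable to SQL injection; an attacker can obtain sensitive server information by sending a request with a crafted malicious sort parameter. The vulnerability permits time-based SQL injection, which may lead to sensitive data disclosure or other malicious operations. -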
CVE-2023-26035: ZoneMinder Snapshots - Command Injection POC
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to unauthenticated remote code execution via missing authorization. There is no permission check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. -
CVE-2024-43360: ZoneMinder - SQL Injection POC
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. -
CVE-2024-51482: ZoneMinder v1.37.* <= 1.37.64 - SQL Injection POC
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL injection in a function of web/ajax/event.php. This is fixed in 1.37.65. -
CVE-2023-26035: ZoneMinder Snapshots - Command Injection POC
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to unauthenticated remote code execution via missing authorization. There is no permission check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. -
CVE-2024-43360: ZoneMinder - SQL Injection POC
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. -
CVE-2024-51482: ZoneMinder v1.37.* <= 1.37.64 - SQL Injection POC
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL injection in a function of web/ajax/event.php. This is fixed in 1.37.65. -
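ZoneMinder index.php SQL Injection Vulnerability (CVE-2024-43360) No POC
In lower versions of ZoneMinder, the index endpoint is vulnerable to SQL injection. Beyond using the SQL injection to obtain information from the database (for example administrator back-end passwords and site users' personal information), an unauthenticated malicious attacker can, with high privileges, even write commands to the server and go on to obtain system privileges on the server. -
ZoneMinder ZoneMinder SQL Injection Vulnerability (Authorization Required) No POC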
-
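ZoneMinder SQL Injection Vulnerability No POC
ZoneMinder is an open source video surveillance software system developed by ZoneMinder. It supports IP, USB and analog cameras. ZoneMinder 1.37.64 and earlier 1.37.X versions contain a SQL injection vulnerability, which stems from web/ajax/event.php being susceptible to boolean-based SQL injection. -
ZoneMinder index.php SQL Injection Vulnerability No POC
ZoneMinder contains a SQL injection vulnerability, caused by improper validation of user requests by the index.php endpoint. -
ZoneMinder Arbitrary File Read (CVE-2017-5595) No POC
ZoneMinder is an open source web-based video surveillance system. ZoneMinder v1.30.0 contains a file disclosure and inclusion vulnerability: user input is passed to readfile in views/file.php. -
ZoneMinder Snapshots CVE-2023-26035 Remote Command Injection Vulnerability No POC
ZoneMinder contains a remote command injection vulnerability, caused by index.php failing to validate user-supplied input. -
ZoneMinder Language Settings Remote Code Execution Vulnerability No POC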
-
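ZoneMinder Command Execution Vulnerability (CVE-2023-26035) No POC
ZoneMinder is an open source video surveillance software system. It supports IP, USB and analog cameras. ZoneMinder versions before 1.36.33 and before 1.37.33 contain a security vulnerability that stems from unauthenticated remote code execution via missing authorization. -
ZoneMinder Unauthorized Access (CVE-2016-10140) No POC
ZoneMinder is an open source video surveillance system. The Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29 contains an information disclosure and authentication bypass vulnerability that allows remote unauthenticated attackers to browse all directories under the web root.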