ALT-PU-2018-2845-1
Package zoneminder updated to version 1.32.3-alt1 for branch sisyphus in task 217833.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-1000832
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Modified: 2024-11-21
CVE-2018-1000833
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Modified: 2024-11-21
CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
- https://www.seebug.org/vuldb/ssvid-97763
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
- https://www.seebug.org/vuldb/ssvid-97763
Modified: 2024-11-21
CVE-2019-8425
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#sql-query-error-reflected-xss
- https://www.seebug.org/vuldb/ssvid-97764
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#sql-query-error-reflected-xss
- https://www.seebug.org/vuldb/ssvid-97764
Modified: 2024-11-21
CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss
- https://www.seebug.org/vuldb/ssvid-97766
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss
- https://www.seebug.org/vuldb/ssvid-97766
Modified: 2024-11-21
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
Modified: 2024-11-21
CVE-2019-8428
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli
- https://www.seebug.org/vuldb/ssvid-97765
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli
- https://www.seebug.org/vuldb/ssvid-97765
Modified: 2024-11-21
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-393-sql-injection
- https://www.seebug.org/vuldb/ssvid-97762
- https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-393-sql-injection
- https://www.seebug.org/vuldb/ssvid-97762