CVE-2013-0332
Published 2013-03-20
Priority P3 (40, medium) · CVSS 2.0 base score 5 · vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: available (see the Exploit-DB entries below)
EPSS: 10.20% (95.1th percentile)

Description
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
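As an added, defender-side illustration (not ZoneMinder's own code and not the upstream patch): a skin-file resolver that refuses the traversal and NUL-byte patterns this CVE describes, i.e. a `..` segment or an embedded `%00` arriving in a parameter such as `view`. It validates the relative name syntactically, then confirms with `realpath()` that the resolved file still lies under the skin directory. The function name `resolveSkinFile`, the temporary skin directory and the sample inputs are constructed for the example.

```php
<?php
// Added example, not ZoneMinder code. Resolve a skin-relative file name safely.
// Assumption: all skin files live under one fixed base directory and callers
// pass a relative name such as "views/console.php".

function resolveSkinFile(string $baseDir, string $file): ?string
{
    // Reject embedded NUL bytes first. Historically a NUL truncated the path in
    // the C-level filesystem call, which is what a "%00" suffix relied on.
    if (strpos($file, "\0") !== false) {
        return null;
    }

    // Allow only a conservative character set for a skin-relative name.
    if (!preg_match('#^[A-Za-z0-9_\-./]+$#', $file)) {
        return null;
    }

    // Reject any ".." or "." segment. An empty segment also rejects absolute
    // paths ("/etc/passwd") and doubled separators ("views//x").
    foreach (explode('/', $file) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            return null;
        }
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($candidate === false) {
        return null; // file does not exist
    }

    // Final containment check after symlink resolution: the candidate must
    // start with "<base>/" so a symlink inside the skin tree cannot escape it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Demo on a constructed temporary skin directory (created and removed here).
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'skin_demo_' . getmypid();
mkdir($tmp . '/views', 0700, true);
file_put_contents($tmp . '/views/console.php', "<?php // constructed sample\n");

$cases = [
    'views/console.php',              // legitimate skin file -> resolved path
    '../../../../etc/passwd',         // classic traversal   -> rejected
    "../../../../etc/passwd\0",       // traversal + NUL     -> rejected
    'views/../../secret',             // traversal mid-path  -> rejected
    '/etc/passwd',                    // absolute path       -> rejected
];
foreach ($cases as $c) {
    $result = resolveSkinFile($tmp, $c);
    printf("%-32s => %s\n", str_replace("\0", '\\0', $c), $result ?? 'REJECTED');
}

unlink($tmp . '/views/console.php');
rmdir($tmp . '/views');
rmdir($tmp);
```

Only the first case resolves; every other case returns `null`. The syntactic checks fail fast and give a clear reason to log, while the `realpath()` containment check is the backstop that also covers symlinks placed inside the skin tree, which a string filter alone cannot see.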
Affected (9 ranges; duplicate rows collapsed)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zoneminder | < zoneminder 1.25.0-1 (bookworm) | zoneminder 1.25.0-1 (bookworm) |
| zoneminder | zoneminder | — | — |
| zoneminder | zoneminder | >= 0 < 1.25.0-1 | 1.25.0-1 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (CVSS v2.0) | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | 5.0 | MEDIUM | — |
| vendor_debian | 5.0 | MEDIUM | — |
GHSA
GHSA-7rvr-83mm-384f (ghsa_unreviewed, 2022-05-05) · CVE-2013-0332 [MEDIUM] · CWE-22
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
OSV
CVE-2013-0332 (osv, 2013-03-20) · [MEDIUM] · CVSS 5.0
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
Debian
CVE-2013-0332: zoneminder (vendor_debian, 2013) · [MEDIUM] · CVSS 5.0
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
Scope: local
bookworm: resolved (fixed in 1.25.0-1)
bullseye: resolved (fixed in 1.25.0-1)
forky: resolved (fixed in 1.25.0-1)
sid: resolved (fixed in 1.25.0-1)
trixie: resolved (fixed in 1.25.0-1)
No detection rules found.
Exploit-DB
ZoneMinder Video Server - packageControl Command Execution (Metasploit) (exploitdb, 2013-01-24) · CVE-2013-0332
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  # ...
      'Name'        => 'ZoneMinder Video Server packageControl Command Execution',
      'Description' => %q{
        This module exploits a command execution vulnerability in ZoneMinder Video
        Server version 1.24.0 to 1.25.0 which could be abused to allow
        authenticated users to execute arbitrary commands under the context of the
        web server user. The 'packageControl' function in the
        'includes/actions.php' file calls 'exec()' with user controlled data
        from the '
```
Exploit-DB
ZoneMinder 1.24.3 - Remote File Inclusion (exploitdb, 2011-08-01) · CVE-2013-0332
---
```text
# Exploit Title: Zoneminder 1.24.3 Remote File Inclusion Vulnerability
# Date: 2011-07-22
# Author: Iye (iye[dot]cba-at-gmail[dot]com)
# Software Link: http://www.zoneminder.com/
# Version: 1.24.3 (Tested). 1.24.4 probably too, not tested
# Tested on: Ubuntu 10.04
```

You must be authenticated as a user in the Web App to exploit it. It's not a must to be admin.

POC: http://localhost/zm/index.php?action=56&markMids%5B%5D=1&deleteBtn=Delete&editBtn=Edit&view=../../../../../../../../../../../../../../../etc/passwd%00

Reported to project maintainer (Philip Coombes) on 2011-07-22.
Fix patch made by Philip Coombes: http://www.zoneminder.com/downloads/lfi-patch.txt

Vulnerable Code:

```php
// /var/www/zm/includes/functions.php
function getSkinFile( $file )
{
    glob
```
No writeups or analysis indexed.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912
- http://www.debian.org/security/2013/dsa-2640
- http://www.openwall.com/lists/oss-security/2013/02/21/8
- http://www.openwall.com/lists/oss-security/2013/02/21/9
- http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979
- http://www.zoneminder.com/wiki/index.php/Change_History

Published: 2013-03-20