Debian Zoneminder vulnerabilities

89 known vulnerabilities affecting debian/zoneminder.

Total CVEs: 89
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 8, MEDIUM 12, LOW 64

Vulnerabilities

Page 5 of 5
CVE-2013-0332 | MEDIUM | CVSS 5.0 | PoC | fixed in zoneminder 1.25.0-1 (bookworm) | 2013
CVE-2013-0332 [MEDIUM]: zoneminder - Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
Scope: local
bookworm: resolved (fixed in 1.25.0-1); bullseye: resolved (fixed in 1.25.0-1); forky: resolved (fixed in 1.25.0-1); sid: resolved (fixed in 1.25.0-1); tri
debian
CVE-2013-7464 | LOW | CVSS 8.8 | 2013
CVE-2013-7464 [HIGH]: cacti - In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2008-3882 | CRITICAL | CVSS 10.0 | fixed in zoneminder 1.24.1-1 (bookworm) | 2008
CVE-2008-3882 [CRITICAL]: zoneminder - Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
Scope: local
bookworm: resolved (fixed in 1.24.1-1); bullseye: resolved (fixed in 1.24.1-1); forky: resolved (f
debian
CVE-2008-3880 | HIGH | CVSS 7.5 | PoC | fixed in zoneminder 1.24.1-1 (bookworm) | 2008
CVE-2008-3880 [HIGH]: zoneminder - SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.
Scope: local
bookworm: resolved (fixed in 1.24.1-1); bullseye: resolved (fixed in 1.24.1-1); forky: resolved (fixed in 1.24.1-1); sid: resolved (fixed in 1.24.1-1); trixie: resolved (fixed in 1.
debian
CVE-2008-1381 | MEDIUM | CVSS 7.5 | PoC | fixed in zoneminder 1.23.3-1 (bookworm) | 2008
CVE-2008-1381 [HIGH]: zoneminder - ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
Scope: local
bookworm: resolved (fixed in 1.23.3-1); bullseye: resolved (fixed in 1.23.3-1); forky: resolved (fixed in 1.23.3-1); sid: resolved (fixed in 1.23.3-1); trixie: res
debian
CVE-2008-6755 | LOW | CVSS 5.0 | fixed in zoneminder 1.24.1-1 (bookworm) | 2008
CVE-2008-6755 [MEDIUM]: zoneminder - ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
Scope: local
bookworm: resolved (fixed in 1.24.1-1); bullseye: resolved (fixed in 1.24.1-1); forky: resolved (fixed in 1.24
debian
CVE-2008-3881 | LOW | CVSS 4.3 | fixed in zoneminder 1.24.1-1 (bookworm) | 2008
CVE-2008-3881 [MEDIUM]: zoneminder - Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.
Scope: local
bookworm: resolved (fixed in 1.24.1-1); bullseye: resolved (fixed in 1.24.1-1); forky: resolved (fixed in 1.24.1-1); sid: resolved (fixed in 1.24.1-1); trixie: resol
debian
CVE-2008-6756 | LOW | CVSS 2.1 | fixed in zoneminder 1.22.3-5 (bookworm) | 2008
CVE-2008-6756 [LOW]: zoneminder - ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
Scope: local
bookworm: resolved (fixed in 1.22.3-5); bullseye: resolved (fixed in 1.22.3-5); forky: resolved (fixed in 1.22.3-5); sid: resolved (fixed in 1.22.3-5); trixie: resolved (fixed in 1.22.3-5)
debian
CVE-2004-0227 | HIGH | CVSS 7.5 | fixed in zoneminder 1.22.3-1 (bookworm) | 2004
CVE-2004-0227 [HIGH]: zoneminder - Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.
Scope: local
bookworm: resolved (fixed in 1.22.3-1); bullseye: resolved (fixed in 1.22.3-1); forky: resolved (fixed in 1.22.3-1); sid: resolved (fixed in 1.22.3-1); trixie: resolved (fixed in 1.22.3-1)
debian
Debian Zoneminder vulnerabilities | cvebase