ZoneMinder Multiple Input Validation Security Vulnerabilities

Bugtraq ID:	30843
Class:	Input Validation Error
CVE:	CVE-2008-3882 CVE-2008-3880
Remote:	Yes
Local:	No
Published:	Aug 26 2008 12:00AM
Updated:	Jul 05 2016 10:01PM
Credit:	Filip Palian
Vulnerable:	Triornis ZoneMinder 1.23.3 Triornis ZoneMinder 1.23.2 Triornis ZoneMinder 1.19.3 Triornis ZoneMinder 1.19.2 Triornis ZoneMinder 1.19.1 Triornis ZoneMinder 1.19 .0 Triornis ZoneMinder 1.18.1 Triornis ZoneMinder 1.18 .0 Triornis ZoneMinder 1.17.2 Triornis ZoneMinder 1.17.1 Triornis ZoneMinder 1.17 .0
Not Vulnerable:

ZoneMinder Multiple Input Validation Security Vulnerabilities

ZoneMinder is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include cross-site scripting, SQL-injection, and command-injection issues.

Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

ZoneMinder 1.23.3 is vulnerable; other versions may also be affected.

ZoneMinder Multiple Input Validation Security Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user into visiting a malicious URI.

ZoneMinder Multiple Input Validation Security Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

ZoneMinder Multiple Input Validation Security Vulnerabilities

References:

• ZoneMinder Home Page (Triornis Ltd.)
  
• ZoneMinder Multiple Vulnerabilities ([email protected])