Metasploit modules that can be used to exploit Zoneminder » Zoneminder

Order by Disclosure Date Module Name Module Type
  • ZoneMinder Snapshots Command Injection
    Disclosure Date: 2023-02-24
    First seen: 2023-11-11
    exploit/unix/webapp/zoneminder_snapshots
    This module exploits an unauthenticated command injection in zoneminder that can be exploited by appending a command to the "create monitor ids[]"-action of the snapshot view. Affected versions: < 1.36.33, < 1.37.33 Authors: - UnblvR - whotwagner
  • ZoneMinder Language Settings Remote Code Execution
    Disclosure Date: 2022-04-27
    First seen: 2022-12-23
    exploit/unix/webapp/zoneminder_lang_exec
    This module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 Authors: - krastanoel
  • ZoneMinder Video Server packageControl Command Execution
    Disclosure Date: 2013-01-22
    First seen: 2020-04-26
    exploit/unix/webapp/zoneminder_packagecontrol_exec
    This module exploits a command execution vulnerability in ZoneMinder Video Server version 1.24.0 to 1.25.0 which could be abused to allow authenticated users to execute arbitrary commands under the context of the web server user. The 'packageControl' function in the 'includes/actions.php' file calls 'exec()' with user controlled data from the 'runState' parameter. Authors: - bcoles <bcoles@gmail.com>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close