Metasploit modules that can be used to exploit Zoneminder » Zoneminder
-
ZoneMinder Snapshots Command Injection
Disclosure Date: 2023-02-24First seen: 2023-11-11exploit/unix/webapp/zoneminder_snapshotsThis module exploits an unauthenticated command injection in zoneminder that can be exploited by appending a command to the "create monitor ids[]"-action of the snapshot view. Affected versions: < 1.36.33, < 1.37.33 Authors: - UnblvR - whotwagner -
ZoneMinder Language Settings Remote Code Execution
Disclosure Date: 2022-04-27First seen: 2022-12-23exploit/unix/webapp/zoneminder_lang_execThis module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 Authors: - krastanoel -
ZoneMinder Video Server packageControl Command Execution
Disclosure Date: 2013-01-22First seen: 2020-04-26exploit/unix/webapp/zoneminder_packagecontrol_execThis module exploits a command execution vulnerability in ZoneMinder Video Server version 1.24.0 to 1.25.0 which could be abused to allow authenticated users to execute arbitrary commands under the context of the web server user. The 'packageControl' function in the 'includes/actions.php' file calls 'exec()' with user controlled data from the 'runState' parameter. Authors: - bcoles <bcoles@gmail.com>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details