Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8423PUBLISHED: 2019-02-18ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424PUBLISHED: 2019-02-18ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8425PUBLISHED: 2019-02-18includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8426PUBLISHED: 2019-02-18skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8427PUBLISHED: 2019-02-18daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
User Rank: Ninja
1/3/2018 | 10:59:13 AM
I still have a collection of 3.5 disks containing 1990 backup data from my old 486 system. Having reliable backups (ransomware) is NOTHING NEW.
"Those who do not learn history are doomed to repeat it"