VulnerableCode Package Details - pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-619e-k5cr-nyap	Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.	CVE-2008-3881
VCID-643r-dxjk-63d2	zoneminder: command injection, SQL injection and multiple XSS issues (CVE-2008-3882, CVE-2008-3880, CVE-2008-3881)	CVE-2008-3880
VCID-ce64-m9xt-wkec	ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.	CVE-2008-6755
VCID-zd7k-6rwb-qug5	Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.	CVE-2008-3882

Vulnerability

Summary

Aliases

VCID-619e-k5cr-nyap

Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.

CVE-2008-3881

VCID-643r-dxjk-63d2

zoneminder: command injection, SQL injection and multiple XSS issues (CVE-2008-3882, CVE-2008-3880, CVE-2008-3881)

CVE-2008-3880

VCID-ce64-m9xt-wkec

ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.

CVE-2008-6755

VCID-zd7k-6rwb-qug5

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

CVE-2008-3882

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:02:23.191418+00:00	Debian Importer	Fixing	VCID-619e-k5cr-nyap	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:46:17.148281+00:00	Debian Importer	Fixing	VCID-643r-dxjk-63d2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:56.268161+00:00	Debian Importer	Fixing	VCID-zd7k-6rwb-qug5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:40:32.687899+00:00	Debian Importer	Fixing	VCID-ce64-m9xt-wkec	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:57:46.867593+00:00	Debian Importer	Fixing	VCID-619e-k5cr-nyap	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:17:13.725180+00:00	Debian Importer	Fixing	VCID-643r-dxjk-63d2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:50.945652+00:00	Debian Importer	Fixing	VCID-zd7k-6rwb-qug5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:26:15.237388+00:00	Debian Importer	Fixing	VCID-ce64-m9xt-wkec	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:59:16.662040+00:00	Debian Importer	Fixing	VCID-ce64-m9xt-wkec	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:16.612352+00:00	Debian Importer	Fixing	VCID-zd7k-6rwb-qug5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:16.564808+00:00	Debian Importer	Fixing	VCID-619e-k5cr-nyap	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:16.517636+00:00	Debian Importer	Fixing	VCID-643r-dxjk-63d2	https://security-tracker.debian.org/tracker/data/json	38.1.0