Wwbn

Avideo

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-30690

Exploit
  • EPSS 15.14%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:03:10

A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user...

8.8

CVE-2022-32282

Exploit
  • EPSS 0.38%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:05

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.

8.8

CVE-2022-32572

Exploit
  • EPSS 23.47%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:39

An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to...

6.5

CVE-2022-32761

Exploit
  • EPSS 2.27%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:54

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request t...

4.2

CVE-2022-32768

  • EPSS 0.19%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover o...

5

CVE-2022-32769

  • EPSS 0.18%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover o...

6.1

CVE-2022-32770

  • EPSS 15.19%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated...

6.1

CVE-2022-32772

  • EPSS 8.26%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated...

7.5

CVE-2022-32777

  • EPSS 1.07%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:56

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie al...

7.5

CVE-2022-32778

  • EPSS 1.07%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:56

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie al...