Wwbn

Avideo

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-33147

  • EPSS 2.43%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:35

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-33148

  • EPSS 2.65%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:35

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-33149

  • EPSS 2.65%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:36

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

6.1

CVE-2022-32771

  • EPSS 10.58%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated...

8.8

CVE-2022-30534

  • EPSS 12.72%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:53

An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP reque...

9.6

CVE-2022-26842

Exploit
  • EPSS 6.2%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:54:37

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get...

6.5

CVE-2022-28710

Exploit
  • EPSS 2.27%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:57:47

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this v...

9

CVE-2022-28712

Exploit
  • EPSS 3.71%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:57:47

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated u...

8.8

CVE-2022-29468

Exploit
  • EPSS 1.33%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:08

A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request t...

9.9

CVE-2022-30547

Exploit
  • EPSS 33.69%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:55

A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigg...