Wwbn

Avideo

164 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-33148

  • EPSS 2.5%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:35

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-33149

  • EPSS 3.21%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:36

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-34652

  • EPSS 2.5%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:09:54

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

9.6

CVE-2022-26842

Exploit
  • EPSS 9.45%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:54:37

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get...

6.5

CVE-2022-28710

Exploit
  • EPSS 2.7%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:57:47

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this v...

9

CVE-2022-28712

Exploit
  • EPSS 3.54%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:57:47

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated u...

8.8

CVE-2022-29468

Exploit
  • EPSS 1.26%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:08

A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request t...

8.8

CVE-2022-30534

  • EPSS 12.34%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:53

An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP reque...

9.9

CVE-2022-30547

Exploit
  • EPSS 20.74%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:55

A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigg...

6.1

CVE-2022-27462

  • EPSS 0.24%
  • Veröffentlicht 05.04.2022 16:15:16
  • Zuletzt bearbeitet 21.11.2024 06:55:46

Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.