Wwbn

Avideo

55 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-49864

Exploit
  • EPSS 0.33%
  • Published 10.01.2024 16:15:49
  • Last modified 21.11.2024 08:33:58

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is tr...

6.5

CVE-2023-49863

Exploit
  • EPSS 0.33%
  • Published 10.01.2024 16:15:49
  • Last modified 21.11.2024 08:33:57

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is tr...

6.5

CVE-2023-49810

Exploit
  • EPSS 0.13%
  • Published 10.01.2024 16:15:48
  • Last modified 21.11.2024 08:33:53

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute forc...

8.8

CVE-2023-49589

Exploit
  • EPSS 0.25%
  • Published 10.01.2024 16:15:48
  • Last modified 21.11.2024 08:33:36

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker ca...

9.8

CVE-2023-49599

Exploit
  • EPSS 0.29%
  • Published 10.01.2024 16:15:48
  • Last modified 21.11.2024 08:33:37

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via...

8.8

CVE-2023-49715

Exploit
  • EPSS 0.51%
  • Published 10.01.2024 16:15:48
  • Last modified 21.11.2024 08:33:44

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulner...

7.5

CVE-2023-49738

Exploit
  • EPSS 0.78%
  • Published 10.01.2024 16:15:48
  • Last modified 21.11.2024 08:33:45

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

6.5

CVE-2023-49862

Exploit
  • EPSS 0.33%
  • Published 10.01.2024 16:15:48
  • Last modified 21.11.2024 08:33:57

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is tr...

5.4

CVE-2023-48730

  • EPSS 0.35%
  • Published 10.01.2024 16:15:47
  • Last modified 21.11.2024 08:32:20

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a use...

6.1

CVE-2023-48728

Exploit
  • EPSS 21.89%
  • Published 10.01.2024 16:15:47
  • Last modified 21.11.2024 08:32:20

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get...