Wwbn

Avideo

206 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-32778

  • EPSS 1.98%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:56

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie al...

8.8

CVE-2022-33147

  • EPSS 1.64%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:35

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-33148

  • EPSS 0.97%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:35

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-33149

  • EPSS 1.64%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:36

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-34652

  • EPSS 0.91%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:09:54

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

9.6

CVE-2022-26842

Exploit
  • EPSS 2.93%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:54:37

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get...

6.5

CVE-2022-28710

Exploit
  • EPSS 2.3%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:57:47

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this v...

9

CVE-2022-28712

Exploit
  • EPSS 2.44%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:57:47

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated u...

8.8

CVE-2022-29468

Exploit
  • EPSS 1.44%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:08

A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request t...

8.8

CVE-2022-30534

  • EPSS 74.49%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:53

An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP reque...