Wwbn

Avideo

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2022-32769

  • EPSS 0.17%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover o...

6.1

CVE-2022-32771

  • EPSS 11.37%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated...

6.1

CVE-2022-32772

  • EPSS 11.15%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:55

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated...

7.5

CVE-2022-32777

  • EPSS 1.12%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:56

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie al...

7.5

CVE-2022-32778

  • EPSS 1.12%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:56

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie al...

8.8

CVE-2022-33147

  • EPSS 2.56%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:35

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-33148

  • EPSS 2.79%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:35

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-33149

  • EPSS 2.79%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:07:36

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

8.8

CVE-2022-34652

  • EPSS 2.5%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:09:54

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.T...

9.9

CVE-2022-30547

Exploit
  • EPSS 20.74%
  • Veröffentlicht 22.08.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:55

A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigg...