Wowza

Streaming Engine

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2016-20036

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.03.2026 18:34:23
  • Zuletzt bearbeitet 19.03.2026 14:17:47

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject ...

4.3

CVE-2016-20035

Exploit
  • EPSS 0.04%
  • Veröffentlicht 15.03.2026 18:34:22
  • Zuletzt bearbeitet 19.03.2026 14:17:08

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that...

8

CVE-2016-20034

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.03.2026 18:34:22
  • Zuletzt bearbeitet 19.03.2026 14:16:48

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint wi...

7.8

CVE-2016-20033

Exploit
  • EPSS 0.02%
  • Veröffentlicht 15.03.2026 18:34:21
  • Zuletzt bearbeitet 19.03.2026 14:16:04

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attacke...

6.5

CVE-2024-52056

  • EPSS 0.17%
  • Veröffentlicht 21.11.2024 23:15:06
  • Zuletzt bearbeitet 26.02.2025 19:54:38

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file.

4.9

CVE-2024-52055

  • EPSS 0.18%
  • Veröffentlicht 21.11.2024 23:15:05
  • Zuletzt bearbeitet 26.02.2025 19:54:38

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file.

2.7

CVE-2024-52054

  • EPSS 0.2%
  • Veröffentlicht 21.11.2024 23:15:05
  • Zuletzt bearbeitet 26.02.2025 19:54:38

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system.

9.6

CVE-2024-52053

  • EPSS 0.76%
  • Veröffentlicht 21.11.2024 23:15:05
  • Zuletzt bearbeitet 26.02.2025 19:54:38

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.

7.2

CVE-2024-52052

  • EPSS 3.52%
  • Veröffentlicht 21.11.2024 23:15:04
  • Zuletzt bearbeitet 26.02.2025 19:54:38

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.

6.5

CVE-2021-35492

Exploit
  • EPSS 12.98%
  • Veröffentlicht 05.10.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:12:22

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available files...