CVE-2019-7654
- EPSS 0.57%
- Veröffentlicht 29.01.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:48:28
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit....
CVE-2018-19365
- EPSS 87.08%
- Veröffentlicht 21.03.2019 16:00:30
- Zuletzt bearbeitet 21.11.2024 03:57:49
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
CVE-2017-16922
- EPSS 0.59%
- Veröffentlicht 05.03.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:17:14
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
CVE-2018-7047
- EPSS 2.84%
- Veröffentlicht 01.03.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:33
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
CVE-2018-7049
- EPSS 0.3%
- Veröffentlicht 01.03.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:33
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or refl...
CVE-2018-7048
- EPSS 1.56%
- Veröffentlicht 01.03.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:33
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.