RSS   Vulnerabilities for
'Videowhisper live streaming integration'
   RSS

2018-03-19
 
CVE-2014-2297

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.

 
2014-12-29
 
CVE-2014-1908

CWE-200
 

 
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

 
 
CVE-2014-1905

CWE-77
 

 
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.

 
2014-07-01
 
CVE-2014-4569

 

 
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.

 

 >>> Vendor: Videowhisper 10 Products
Webcam
Php 2 way video chat
Live streaming integration plugin
Videowhisper
Videowhisper live streaming integration
Video posts webcam recorder
Video presentation
Video conference
Video comments webcam recorder
2way videocalls and random chat


Copyright 2024, cxsecurity.com

 

Back to Top