RSS   Vulnerabilities for 'Control room management suite'   RSS

2022-06-02
 
CVE-2022-26971

CWE-287
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.

 
 
CVE-2022-26972

CWE-79
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.

 
 
CVE-2022-26973

CWE-209
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.

 
 
CVE-2022-26974

CWE-79
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.

 
 
CVE-2022-26975

CWE-287
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

 
 
CVE-2022-26976

CWE-79
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.

 
 
CVE-2022-26977

CWE-79
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS.

 
 
CVE-2022-26978

CWE-79
 

 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.

 
2022-04-03
 
CVE-2022-26233

CWE-22
 

 
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.

 

 >>> Vendor: Barco 6 Products
Clickshare cse-200 firmware
Clickshare csc-1 firmware
Clickshare csm-1 firmware
Wepresent wipg-1000p firmware
Mirrorop windows sender
Control room management suite


Copyright 2024, cxsecurity.com

 

Back to Top