Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Streaming engine'
2021-10-05
CVE-2021-35491
CWE-352
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request.
CVE-2021-35492
CWE-400
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)
2021-04-23
CVE-2021-31540
CWE-732
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
CVE-2021-31539
CWE-312
Wowza Streaming Engine through 4.8.5 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
2020-08-03
CVE-2019-19455
CWE-269
Wowza Streaming Engine through 2019-11-28 has Insecure Permissions.
CVE-2019-19453
CWE-79
Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 of 2).
2020-05-18
CVE-2019-19456
CWE-79
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x.
CVE-2019-19454
NVD-CWE-noinfo
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x
2020-04-14
CVE-2020-9004
CWE-863
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.7.8 (build 20191105123929) allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges.
2020-01-29
CVE-2019-7656
CWE-276
A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Streaming engine' 
Polish
English