Lucene search

13 matches found

CVE
added 2026/03/23 1:46 p.m. | 6 views

CVE-2026-33297

CVE-2026-33297 affects WWBN AVideo prior to version 26.0. A logic error in CustomizeUser/setPassword.json.php coerces any non-numeric ProfilePassword to 0 via intval(), causing the stored channel password to become 0. This enables any visitor to bypass channel-level access controls by entering 0....

CVSS 9.1 | AI score 5.8 | EPSS 0.00342
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/23 1:46 p.m. | 2 views

CVE-2026-33297 AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...

CVSS 5.1 | AI score 5.9 | EPSS 0.00342
Exploits: 1 | References: 4
Cvelist
added 2026/03/23 1:46 p.m. | 19 views

CVE-2026-33297 AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...

CVSS 5.1 | EPSS 0.00342
Exploits: 1 | References: 2
Veracode
added 2026/03/21 5:15 a.m. | 4 views

AVideo: IDOR - Any Admin Can Set Another User's Channel Password Via SetPassword.json.php

Summary: The "setPassword.json.php" endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero befor...

CVSS 9.1 | AI score 5.9 | EPSS 0.00342
Exploits: 1 | Affected Software: 1
Snyk
added 2026/03/19 5:25 p.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the setPassword.json.php endpoint. An attacker can gain unauthorized access to protected channels by submitting...

CVSS 9.1 | AI score 5.8 | EPSS 0.00342
Exploits: 1 | References: 2
GitHub Security Blog
added 2026/03/19 5:25 p.m. | 6 views

AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

Summary: The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

CVSS 9.1 | AI score 5.8 | EPSS 0.00342
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/03/19 5:25 p.m. | 5 views

GHSA-6547-8HRG-C55M AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

Summary: The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

CVSS 5.1 | AI score 5.8 | EPSS 0.00342
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/19 12:0 a.m. | 4 views

PT-2026-26475

Summary: The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

CVSS 5.1 | AI score 5.9 | EPSS 0.00342
Exploits: 1 | References: 5
OPENSUSE Linux
added 2020/04/26 12:0 a.m. | 79 views

Security update for freeradius-server (moderate)

openSUSE Security Update: Security update for freeradius-server. Announcement ID: openSUSE-SU-2020:0553-1. Rating: moderate. References: 1144524 1146848 1166847. Cross-References: CVE-2019-13456 CVE-2019-17185. Affected Products: openSUSE Leap 15.1. An update that solves two vulnerabilities and has one...

CVSS 7.5 | AI score 7.4 | EPSS 0.02168
Exploits: 1 | References: 3
Tenable Nessus
added 2020/04/20 12:0 a.m. | 40 views

SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2020:1018-1)

This update for freeradius-server fixes the following issues: CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847). Fixed an issue in TLS-EAP where the OCSP verification, when an...

CVSS 7.5 | AI score 6.9 | EPSS 0.02168
Exploits: 1 | References: 8
Tenable Nessus
added 2020/04/20 12:0 a.m. | 38 views

SUSE SLED15 / SLES15 Security Update : freeradius-server (SUSE-SU-2020:1023-1)

This update for freeradius-server fixes the following issues: CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847). Fixed an issue in TLS-EAP where the OCSP verification, when an...

CVSS 7.5 | AI score 6.9 | EPSS 0.02168
Exploits: 1 | References: 8
OSV
added 2020/04/17 8:32 a.m. | 5 views

SUSE-SU-2020:1020-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847)...

CVSS 7.5 | AI score 6.8 | EPSS 0.02168
Exploits: 1 | References: 6
CNVD
added 2018/05/11 12:0 a.m. | 2 views

Cisco Identity Services Engine Misconfiguration Vulnerability

Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A misconfiguration...

CVSS 7.2 | AI score 6.8 | EPSS 0.00349
Exploits: 0 | References: 1