Lucene search
+L

15 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.15 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

9.8CVSS8.1AI score0.40874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.7 views

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

7.2CVSS7.6AI score0.03216EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.11 views

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

9.8CVSS7.3AI score0.00544EPSS
Exploits0References1
NVD
NVD
added 2024/07/25 8:15 p.m.41 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

9.8CVSS0.40874EPSS
Exploits1References2
NVD
NVD
added 2024/07/25 8:15 p.m.19 views

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

9.8CVSS0.00544EPSS
Exploits0References2
NVD
NVD
added 2024/07/25 8:15 p.m.16 views

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

7.2CVSS0.03216EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/07/25 12:0 a.m.23 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

8.1AI score0.40874EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/07/25 12:0 a.m.22 views

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

0.00544EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/25 12:0 a.m.22 views

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

0.03216EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/07/25 12:0 a.m.16 views

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

7.2AI score0.00544EPSS
Exploits0References2
CVE
CVE
added 2024/07/25 12:0 a.m.92 views

CVE-2024-38288

CVE-2024-38288 affects R-HUB TurboMeeting (through 8.x). The CSR feature in the admin portal is vulnerable to command injection, allowing authenticated administrators to run arbitrary OS commands on the server with root privileges. Documents confirm post-auth exploitation details in Nuclei templa...

7.2CVSS7.8AI score0.03216EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/25 12:0 a.m.14 views

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

7.8AI score0.03216EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/07/25 12:0 a.m.44 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

0.40874EPSS
Exploits1References2
CVE
CVE
added 2024/07/25 12:0 a.m.58 views

CVE-2024-38287

The CVE-2024-38287 issue affects R-HUB TurboMeeting versions through 8.x, where the Forgot Password password-reset flow can be abused by unauthenticated remote attackers to reset the administrator password to an insecure 8-digit value. Root cause: insecure password-reset mechanism in the Forgot P...

9.8CVSS7.5AI score0.00544EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.7 views

PT-2024-27926 · R Hub · R-Hub Turbomeeting

Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions prior to 9.x Description: A command-injection issue in the Certificate Signing Request CSR functionality allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying...

7.2CVSS7.9AI score0.03216EPSS
Exploits1References5
Rows per page
Query Builder