15 matches found
CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...
CVE-2024-38288
A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...
CVE-2024-38287
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...
CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...
CVE-2024-38287
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...
CVE-2024-38288
A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...
CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...
CVE-2024-38287
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...
CVE-2024-38288
A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...
CVE-2024-38287
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...
CVE-2024-38288
CVE-2024-38288 affects R-HUB TurboMeeting (through 8.x). The CSR feature in the admin portal is vulnerable to command injection, allowing authenticated administrators to run arbitrary OS commands on the server with root privileges. Documents confirm post-auth exploitation details in Nuclei templa...
CVE-2024-38288
A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...
CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...
CVE-2024-38287
The CVE-2024-38287 issue affects R-HUB TurboMeeting versions through 8.x, where the Forgot Password password-reset flow can be abused by unauthenticated remote attackers to reset the administrator password to an insecure 8-digit value. Root cause: insecure password-reset mechanism in the Forgot P...
PT-2024-27926 · R Hub · R-Hub Turbomeeting
Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions prior to 9.x Description: A command-injection issue in the Certificate Signing Request CSR functionality allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying...