235 matches found
PT-2024-8652 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to create an XML definition...
PT-2024-8653 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to read any file on the fil...
PT-2024-8654 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to delete any directory on...
PT-2024-8651 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to insufficient input validation in Wowza Streaming Engine, which can be exploited by a remote attacker to execute arbitrary code. An authenticated Streaming...
VulnCheck KEV: CVE-2018-19365
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...
Metasploit Weekly Wrap-Up
Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users o...
Gather Wowza Streaming Engine Credentials
This module collects Wowza Streaming Engine user credentials. Module Options msf use post/multi/gather/wowzastreamingenginecreds msf postwowzastreamingenginecreds show actions ...actions... msf postwowzastreamingenginecreds set ACTION msf postwowzastreamingenginecreds show options ...show and set...
Wowza Streaming Engine Manager Login Utility
This module will attempt to authenticate to Wowza Streaming Engine via Wowza Streaming Engine Manager web interface. Module Options msf use auxiliary/scanner/http/wowzastreamingenginemanagerlogin msf auxiliarywowzastreamingenginemanagerlogin show actions ...actions... msf...
Wowza Streaming Engine Manager Detection (HTTP)
HTTP base detection for Wowza Streaming Engine Manager. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-35492
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...
CVE-2021-35491
A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...
CVE-2021-35491
A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...
CVE-2021-35492
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...
Design/Logic Flaw
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...
CVE-2021-35492
The CVE affects Wowza Streaming Engine up to version 4.8.11+5. An authenticated, remote attacker could exhaust filesystem resources by repeatedly requesting random virtual-host historical data through the /enginemanager/server/vhost/historical.jsdata parameter in the Virtual Host Monitoring secti...
CVE-2021-35492
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...
CVE-2021-35491
A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...
CVE-2021-35491
CVE-2021-35491 affects Wowza Streaming Engine prior to 4.8.14. A CSRF vulnerability allows remote attackers to delete a user account via GET /enginemanager/server/user/delete.htm with a userName parameter. The issue arises because the application does not implement a CSRF token for the GET reques...
Wowza Media Systems Wowza Streaming Engine 跨站请求伪造漏洞
Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and scalable media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A cross-site request forgery vulnerability exists in Wowza Streaming Engine...