Lucene search
K

235 matches found

Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-8652 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to create an XML definition...

5.1CVSS7.5AI score0.00727EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-8653 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to read any file on the fil...

8.2CVSS7AI score0.00974EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.3 views

PT-2024-8654 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to delete any directory on...

6.9CVSS7.4AI score0.00677EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-8651 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to insufficient input validation in Wowza Streaming Engine, which can be exploited by a remote attacker to execute arbitrary code. An authenticated Streaming...

9.4CVSS8.4AI score0.00479EPSS
Exploits0References12
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

9.1CVSS7.3AI score0.22292EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2023/03/10 7:0 p.m.56 views

Metasploit Weekly Wrap-Up

Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users o...

5CVSS9.5AI score0.80274EPSS
Exploits8
Metasploit
Metasploit
added 2023/03/08 7:52 p.m.403 views

Gather Wowza Streaming Engine Credentials

This module collects Wowza Streaming Engine user credentials. Module Options msf use post/multi/gather/wowzastreamingenginecreds msf postwowzastreamingenginecreds show actions ...actions... msf postwowzastreamingenginecreds set ACTION msf postwowzastreamingenginecreds show options ...show and set...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2023/03/07 7:52 p.m.352 views

Wowza Streaming Engine Manager Login Utility

This module will attempt to authenticate to Wowza Streaming Engine via Wowza Streaming Engine Manager web interface. Module Options msf use auxiliary/scanner/http/wowzastreamingenginemanagerlogin msf auxiliarywowzastreamingenginemanagerlogin show actions ...actions... msf...

5.9AI score
Exploits0
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.12 views

Wowza Streaming Engine Manager Detection (HTTP)

HTTP base detection for Wowza Streaming Engine Manager. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0
OSV
OSV
added 2021/10/05 4:15 p.m.3 views

CVE-2021-35492

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...

6.5CVSS5.8AI score0.03284EPSS
Exploits1References3
NVD
NVD
added 2021/10/05 4:15 p.m.17 views

CVE-2021-35491

A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...

8.1CVSS0.00854EPSS
Exploits1References3
OSV
OSV
added 2021/10/05 4:15 p.m.5 views

CVE-2021-35491

A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...

8.1CVSS5.8AI score0.00854EPSS
Exploits1References3
NVD
NVD
added 2021/10/05 4:15 p.m.18 views

CVE-2021-35492

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...

6.5CVSS0.03284EPSS
Exploits1References3
Prion
Prion
added 2021/10/05 4:15 p.m.18 views

Design/Logic Flaw

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...

4CVSS6.5AI score0.03284EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/10/05 4:15 p.m.14 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...

5.8CVSS8.1AI score0.00854EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/10/05 3:12 p.m.64 views

CVE-2021-35492

The CVE affects Wowza Streaming Engine up to version 4.8.11+5. An authenticated, remote attacker could exhaust filesystem resources by repeatedly requesting random virtual-host historical data through the /enginemanager/server/vhost/historical.jsdata parameter in the Virtual Host Monitoring secti...

6.5CVSS6.4AI score0.03284EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/10/05 3:12 p.m.27 views

CVE-2021-35492

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...

6.7AI score0.03284EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/10/05 3:10 p.m.24 views

CVE-2021-35491

A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...

8.3AI score0.00854EPSS
Exploits1References3
CVE
CVE
added 2021/10/05 3:10 p.m.55 views

CVE-2021-35491

CVE-2021-35491 affects Wowza Streaming Engine prior to 4.8.14. A CSRF vulnerability allows remote attackers to delete a user account via GET /enginemanager/server/user/delete.htm with a userName parameter. The issue arises because the application does not implement a CSRF token for the GET reques...

8.1CVSS8.1AI score0.00854EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.4 views

Wowza Media Systems Wowza Streaming Engine 跨站请求伪造漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and scalable media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A cross-site request forgery vulnerability exists in Wowza Streaming Engine...

8.1CVSS7.6AI score0.00854EPSS
Exploits1References4
Rows per page
Query Builder