235 matches found
CVE-2016-20034
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...
CVE-2016-20035
Wowza Streaming Engine 4.5.0 is affected by a CSRF vulnerability via the user edit endpoint that lets an attacker craft pages to cause admin actions (e.g., creating admin accounts with arbitrary credentials). The issue arises from insufficient request validation, enabling an authenticated session...
CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...
CVE-2016-20034
CVE-2016-20034 affects Wowza Streaming Engine 4.5.0. The vulnerability allows an authenticated read-only user to elevate privileges to administrator by manipulating POST parameters on the user edit endpoint, specifically setting accessLevel to 'admin' and advUser to 'true' and 'on'. The issue is ...
CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...
CVE-2016-20033
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...
CVE-2016-20033 Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...
CVE-2016-20033 Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...
CVE-2016-20033
Wowza Streaming Engine 4.5.0 is affected by a local privilege escalation vulnerability. Authenticated users can replace the nssm_x64.exe binary in the manager and engine service directories with a malicious executable due to improper file permissions granting full access to the Everyone group, al...
CVE-2026-20056
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
CVE-2026-20056
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
EUVD-2026-5425
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
CVE-2021-31539
Wowza Streaming Engine before 4.8.8.01 in a default installation has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords...
CVE-2019-7655
Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the 1 customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or the 2 host field in enginemanager/jspringsecuritycheck of the login form. This issu...
CVE-2019-7654
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server-Users component. This issue w...
CVE-2019-7656
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...
EUVD-2019-9073
Malware in sbrugna...
EUVD-2019-17187
Malware in sbrugna...
EUVD-2019-9076
Malware in sbrugna...
EUVD-2021-18437
Malware in sbrugna...