Lucene search
K

235 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

5.8AI score0.00209EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2026/03/15 6:34 p.m.10 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 is affected by a CSRF vulnerability via the user edit endpoint that lets an attacker craft pages to cause admin actions (e.g., creating admin accounts with arbitrary credentials). The issue arises from insufficient request validation, enabling an authenticated session...

6.9CVSS5.7AI score0.00156EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.3 views

CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References3
CVE
CVE
added 2026/03/15 6:34 p.m.16 views

CVE-2016-20034

CVE-2016-20034 affects Wowza Streaming Engine 4.5.0. The vulnerability allows an authenticated read-only user to elevate privileges to administrator by manipulating POST parameters on the user edit endpoint, specifically setting accessLevel to 'admin' and advUser to 'true' and 'on'. The issue is ...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.25 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS0.00156EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.2 views

CVE-2016-20033

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

6AI score0.00208EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.25 views

CVE-2016-20033 Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

8.5CVSS0.00208EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.2 views

CVE-2016-20033 Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

8.5CVSS6AI score0.00208EPSS
Exploits2References3
CVE
CVE
added 2026/03/15 6:34 p.m.14 views

CVE-2016-20033

Wowza Streaming Engine 4.5.0 is affected by a local privilege escalation vulnerability. Authenticated users can replace the nssm_x64.exe binary in the manager and engine service directories with a malicious executable due to improper file permissions granting full access to the Everyone group, al...

8.5CVSS6AI score0.00208EPSS
Exploits2References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/05 7:23 p.m.6 views

CVE-2026-20056

A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...

4CVSS5.6AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 5:16 p.m.6 views

CVE-2026-20056

A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...

4CVSS0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/04 4:11 p.m.6 views

EUVD-2026-5425

A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...

4CVSS5.6AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31539

Wowza Streaming Engine before 4.8.8.01 in a default installation has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords...

5.5CVSS6.4AI score0.00299EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:37 a.m.8 views

CVE-2019-7655

Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the 1 customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or the 2 host field in enginemanager/jspringsecuritycheck of the login form. This issu...

5.4CVSS6.2AI score0.00949EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.5 views

CVE-2019-7654

Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server-Users component. This issue w...

6.5CVSS7AI score0.00851EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.9 views

CVE-2019-7656

A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...

7.8CVSS7.3AI score0.00451EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-9073

Malware in sbrugna...

5.4CVSS5.6AI score0.00806EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-17187

Malware in sbrugna...

5.4CVSS5.6AI score0.00949EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-9076

Malware in sbrugna...

6.1CVSS6.3AI score0.00997EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-18437

Malware in sbrugna...

5.5CVSS5.5AI score0.00299EPSS
Exploits1References4
Rows per page
Query Builder