TurboMeeting - Boolean-based SQL Injection

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. id: CVE-2024-38289 info: name:...

TurboMeeting - Post-Authentication Command Injection

The Certificate Signing Request CSR feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The...

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

RHUB TurboMeeting 安全漏洞

RHUB TurboMeeting is a collaboration solution from RHUB Corp. It provides web conferencing, remote support, audio conferencing, video conferencing, remote access, and webinar support. A security vulnerability exists in RHUB TurboMeeting versions prior to 8.X. The vulnerability is caused by a remo...

CVE-2024-38288

CVE-2024-38288 affects R-HUB TurboMeeting (through 8.x). The CSR feature in the admin portal is vulnerable to command injection, allowing authenticated administrators to run arbitrary OS commands on the server with root privileges. Documents confirm post-auth exploitation details in Nuclei templa...

RHUB TurboMeeting 安全漏洞

RHUB TurboMeeting is a collaboration solution from RHUB Corp. It provides web conferencing, remote support, audio conferencing, video conferencing, remote access, and webinar support. A security vulnerability exists in RHUB TurboMeeting versions prior to 8.X. The vulnerability stems from the...

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

PT-2024-27925 · R Hub · R-Hub Turbomeeting

Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions through 8.x Description: The password-reset mechanism in the Forgot Password functionality allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random...

CVE-2024-38287

The CVE-2024-38287 issue affects R-HUB TurboMeeting versions through 8.x, where the Forgot Password password-reset flow can be abused by unauthenticated remote attackers to reset the administrator password to an insecure 8-digit value. Root cause: insecure password-reset mechanism in the Forgot P...

PT-2024-27926 · R Hub · R-Hub Turbomeeting

Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions prior to 9.x Description: A command-injection issue in the Certificate Signing Request CSR functionality allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying...

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

RHUB TurboMeeting 安全漏洞

RHUB TurboMeeting is a collaboration solution from RHUB Corp. It provides web conferencing, remote support, audio conferencing, video conferencing, remote access, and webinar support. A security vulnerability exists in RHUB TurboMeeting versions prior to 8.X. The vulnerability stems from a comman...