Lucene search
+L

103 matches found

OSV
OSV
added 2019/03/21 4:0 p.m.9 views

UBUNTU-CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS7.1AI score0.00918EPSS
Exploits0References3
CVE
CVE
added 2019/03/21 2:30 p.m.117 views

CVE-2018-4059

CVE-2018-4059 affects coturn (TURN/STUN server). The issue is an unsafe default configuration: by default the TURN server runs an unauthenticated telnet admin portal on the loopback interface, allowing an attacker with telnet access to gain administrator rights over the TURN server. Impact can in...

10CVSS9.3AI score0.01897EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/21 2:30 p.m.27 views

CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

6.5CVSS9.5AI score0.01897EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2019/03/21 2:30 p.m.52 views

CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

10CVSS7.9AI score0.01897EPSS
Exploits0
CVE
CVE
added 2019/03/21 2:15 p.m.83 views

CVE-2018-4058

CVE-2018-4058 affects the TURN server functionality in coTURN prior to 4.5.0.9. The default configuration allows relaying external traffic to the loopback interface of the host, which can give an attacker access to other private services running on that host by initiating a relay with a loopback ...

7.7CVSS8.3AI score0.00918EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2019/03/21 2:15 p.m.51 views

CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS8.3AI score0.00918EPSS
Exploits0
Cvelist
Cvelist
added 2019/03/21 2:15 p.m.26 views

CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS8.4AI score0.00918EPSS
Exploits0References1
NVD
NVD
added 2019/02/05 6:29 p.m.13 views

CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator...

9.8CVSS9.8AI score0.02955EPSS
Exploits1References3
Prion
Prion
added 2019/02/05 6:29 p.m.33 views

Sql injection

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator...

7.5CVSS9.6AI score0.02955EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2019/02/05 6:29 p.m.4 views

CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator...

9.8CVSS9.7AI score
Exploits0References3
OSV
OSV
added 2019/02/05 6:29 p.m.3 views

DEBIAN-CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator...

9.8CVSS8.6AI score0.02955EPSS
Exploits1References1
OSV
OSV
added 2019/02/05 6:29 p.m.3 views

UBUNTU-CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator...

9.8CVSS7.4AI score0.02955EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/02/05 6:0 p.m.29 views

CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator...

9.1CVSS9.7AI score0.02955EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2019/01/31 12:0 a.m.507 views

coturn <= 4.5.0.8 Authentication Bypass Vulnerability - Active Check

coturn is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:coturn:coturn"; if...

9.8CVSS9.7AI score0.02955EPSS
Exploits1References2
Hacker One
Hacker One
added 2018/04/04 2:5 p.m.12 views

Slack: TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services

The TURN servers used by Slack allow TCP connections and UDP packets to be proxied to the internal network. This gives an attacker the ability to scan and interact with internal systems. The attacker may proxy TCP connections to the internal network by setting the XOR-PEER-ADDRESS of the TURN...

0.5AI score
Exploits0
Talos
Talos
added 2018/01/29 12:0 a.m.536 views

coTURN Administrator Web Portal SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server...

9.8CVSS9.8AI score0.02955EPSS
Exploits1
Talos
Talos
added 2018/01/29 12:0 a.m.56 views

coTURN TURN server unsafe loopback forwarding default configuration vulnerability

Summary An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running o...

7.7CVSS8.5AI score0.00918EPSS
Exploits0
OSV
OSV
added 2017/09/13 10:29 p.m.3 views

CVE-2017-12249

A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

9.1CVSS5.8AI score0.03134EPSS
Exploits0References3
NVD
NVD
added 2017/09/13 10:29 p.m.15 views

CVE-2017-12249

A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

9.1CVSS9.3AI score0.03134EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/09/13 10:0 p.m.18 views

CVE-2017-12249

A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

9.3AI score0.03134EPSS
Exploits0References3
Rows per page
Query Builder