PT-2026-31217

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through = 4.6.6...

EUVD-2013-4485

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-14305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port...

The vulnerability of the "Yandex.Telemost" video conference software for macOS allows a hacker to elevate their privileges and gain access to the device’s hardware resources.

The vulnerability of the "Yandex.Telemost" video conference software lies in the use of an unreliable search path. Exploiting this vulnerability can allow attackers to enhance their privileges and gain access to the device’s hardware resources...

An ETSI GS QKD Compliant TLS Implementation

A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution QKD standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish ...

The vulnerability of the Vinteo video conference software server lies in the lack of protective measures for website structures. This allows attackers to carry out XSS attacks and execute arbitrary requests.

The vulnerability of the Vinteo video conference software server lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely and execute arbitrary requests...

The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows a perpetrator to cause service failures.

The vulnerability of VideoGrace video conferencing software is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows a intruder to trigger a service failure.

The vulnerability of VideoGrace video conferencing software is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to cause service failures...

CVE-2013-4629

The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method...

The vulnerability of the "Yandex.Telemost" video conference software lies in its use of an unreliable search path, allowing a hacker to execute arbitrary code.

The vulnerability of the "Yandex.Telemost" video conference software lies in the use of an unreliable search path. Exploiting this vulnerability could allow a hacker to execute arbitrary code...

The vulnerability of the Crestron Automate VX video conference management system, related to the transmission of accounting data in unencrypted form, allows a intruder to disclose the transmitted accounting data and gain unauthorized access to the system.

The vulnerability of the Crestron Automate VX video conference system lies in the transmission of account information in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to disclose the transmitted account information and gain unauthorized access to the system...

Shenzhen Qixin Haozitong Cloud Computing Co., Ltd. Haozitong-Cloud Conference has file upload vulnerability

GoodView-Cloud Conference is a network video conference product based on cloud computing technology. Shenzhen Qixin Haozitong Cloud Computing Co., Ltd Haozitong-Cloud Conference has a file upload vulnerability that can be exploited by an attacker to gain control of the server...

Certain Poly Video Conference Devices – Potential Remote Code Execution

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. The recommendation is to update an impacted devi...

D-Link I2eye Video Conference AutoAnswer (WDBRPC)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link i2eye Video Conference AutoAnswer WDBRPC', 'Description' = %q This module can be used to enable auto-answer mode for the D-Link i2eye vide...

CVE-2024-30437 WordPress Webinar and Video Conference with Jitsi Meet plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS.This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3...

CVE-2024-30437 WordPress Webinar and Video Conference with Jitsi Meet plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS.This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3...

CVE-2024-30437

CVE-2024-30437 affects WPPOOL Webinar and Video Conference with Jitsi Meet: Improper neutralization of input in web page generation leads to Stored XSS. Affected: Webinar and Video Conference with Jitsi Meet from n/a through version 2.6.3. No exploitation status or patch details are provided in t...

WordPress Plugin Webinar and Video Conference with Jitsi Meet 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-23365 · Unknown · Wppool Webinar/Video Conference With Jitsi Meet

Name of the Vulnerable Software and Affected Versions: WPPOOL Webinar and Video Conference with Jitsi Meet versions n/a through 2.6.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS...

WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Webinar and Video Conference with Jitsi Meet Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30437 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1c0351b4d07f Credits LVT-tholv...