69 matches found
EUVD-2026-43608
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
CVE-2026-51821
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
CVE-2026-51821
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
CVE-2026-51821
Affected software: Shenzhou Shihan Video Conference System v1.0. Vulnerability: SQL Injection in the /user/getUserLogin endpoint. Root cause: Unsafely constructed SQL queries allow an attacker to inject arbitrary SQL. Impact: Remote attacker can execute arbitrary code with the system’s privileges...
PT-2026-31217
Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through = 4.6.6...
EUVD-2013-4485
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-14305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port...
The vulnerability of the "Yandex.Telemost" video conference software for macOS allows a hacker to elevate their privileges and gain access to the device’s hardware resources.
The vulnerability of the "Yandex.Telemost" video conference software lies in the use of an unreliable search path. Exploiting this vulnerability can allow attackers to enhance their privileges and gain access to the device’s hardware resources...
An ETSI GS QKD Compliant TLS Implementation
A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution QKD standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish ...
The vulnerability of the Vinteo video conference software server lies in the lack of protective measures for website structures. This allows attackers to carry out XSS attacks and execute arbitrary requests.
The vulnerability of the Vinteo video conference software server lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely and execute arbitrary requests...
The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows a perpetrator to cause service failures.
The vulnerability of VideoGrace video conferencing software is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows a intruder to trigger a service failure.
The vulnerability of VideoGrace video conferencing software is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to cause service failures...
CVE-2013-4629
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method...
The vulnerability of the "Yandex.Telemost" video conference software lies in its use of an unreliable search path, allowing a hacker to execute arbitrary code.
The vulnerability of the "Yandex.Telemost" video conference software lies in the use of an unreliable search path. Exploiting this vulnerability could allow a hacker to execute arbitrary code...
The vulnerability of the Crestron Automate VX video conference management system, related to the transmission of accounting data in unencrypted form, allows a intruder to disclose the transmitted accounting data and gain unauthorized access to the system.
The vulnerability of the Crestron Automate VX video conference system lies in the transmission of account information in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to disclose the transmitted account information and gain unauthorized access to the system...
Shenzhen Qixin Haozitong Cloud Computing Co., Ltd. Haozitong-Cloud Conference has file upload vulnerability
GoodView-Cloud Conference is a network video conference product based on cloud computing technology. Shenzhen Qixin Haozitong Cloud Computing Co., Ltd Haozitong-Cloud Conference has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
Certain Poly Video Conference Devices – Potential Remote Code Execution
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. The recommendation is to update an impacted devi...
D-Link I2eye Video Conference AutoAnswer (WDBRPC)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link i2eye Video Conference AutoAnswer WDBRPC', 'Description' = %q This module can be used to enable auto-answer mode for the D-Link i2eye vide...
CVE-2024-30437
CVE-2024-30437 affects WPPOOL Webinar and Video Conference with Jitsi Meet: Improper neutralization of input in web page generation leads to Stored XSS. Affected: Webinar and Video Conference with Jitsi Meet from n/a through version 2.6.3. No exploitation status or patch details are provided in t...
CVE-2024-30437 WordPress Webinar and Video Conference with Jitsi Meet plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS.This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3...