PT-2026-31217

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through = 4.6.6...

EUVD-2013-4485

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-14305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port...

An ETSI GS QKD Compliant TLS Implementation

A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution QKD standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish ...

CVE-2013-4629

The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method...

Shenzhen Qixin Haozitong Cloud Computing Co., Ltd. Haozitong-Cloud Conference has file upload vulnerability

GoodView-Cloud Conference is a network video conference product based on cloud computing technology. Shenzhen Qixin Haozitong Cloud Computing Co., Ltd Haozitong-Cloud Conference has a file upload vulnerability that can be exploited by an attacker to gain control of the server...

Certain Poly Video Conference Devices – Potential Remote Code Execution

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. The recommendation is to update an impacted devi...

D-Link I2eye Video Conference AutoAnswer (WDBRPC)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link i2eye Video Conference AutoAnswer WDBRPC', 'Description' = %q This module can be used to enable auto-answer mode for the D-Link i2eye vide...

CVE-2024-30437

CVE-2024-30437 affects WPPOOL Webinar and Video Conference with Jitsi Meet: Improper neutralization of input in web page generation leads to Stored XSS. Affected: Webinar and Video Conference with Jitsi Meet from n/a through version 2.6.3. No exploitation status or patch details are provided in t...

CVE-2024-30437 WordPress Webinar and Video Conference with Jitsi Meet plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS.This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3...

CVE-2024-30437 WordPress Webinar and Video Conference with Jitsi Meet plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS.This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3...

WordPress Plugin Webinar and Video Conference with Jitsi Meet 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-23365 · Unknown · Wppool Webinar/Video Conference With Jitsi Meet

Name of the Vulnerable Software and Affected Versions: WPPOOL Webinar and Video Conference with Jitsi Meet versions n/a through 2.6.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS...

WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Webinar and Video Conference with Jitsi Meet Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30437 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1c0351b4d07f Credits LVT-tholv...

WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Webinar and Video Conference with Jitsi Meet Type Plugin Vulnerable versions = 1.2.5 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d77b318b12e...

CVE-2022-20783

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient inp...

Cisco Webex Network Webex Player 缓冲区错误漏洞

Cisco Webex Network Webex Player is a player for playing video conference recordings from Cisco. A buffer error vulnerability exists in Cisco Webex Player that can be exploited by an attacker to cause the affected software to terminate or obtain memory state information related to the attacked...

Cisco Webex Network Webex Player 缓冲区错误漏洞

Cisco Webex Network Webex Player is a player for playing video conference recordings from Cisco. A buffer error vulnerability exists in Cisco Webex Player, which can be exploited by an attacker to execute arbitrary code on an affected system...

Weak password vulnerability in video conference management system of Zhejiang Dahua Technology Co.

Video Conference Management System is a video cloud conferencing service software developed specifically for small and medium-sized businesses. The video conference management system of Zhejiang Dahua Technology Co. Ltd. is logically vulnerable to weak password vulnerability. Attackers use the we...

Arbitrary file download vulnerability exists in the server management background of GoodView Video Conference Enterprise Edition (CNVD-2021-29146)

Shenzhen Yinpeng Cloud Computing Co., Ltd. is a domestic cloud computing products and services provider. Arbitrary file download vulnerability exists in the server management background of GoodView Video Conference Enterprise Edition, which can be exploited by attackers to obtain sensitive...