20 matches found
EUVD-2022-38792
Malicious code in bioql PyPI...
The vulnerability of microprogrammed software in telephones and audio conferencing systems, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.
The vulnerability of microprogrammed software in telephones and audio conferencing systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of microprogrammed software in telephones and audio conferencing systems for Poly allows an intruder to change the administrator password.
The vulnerability of microprogrammed software in telephones and audio conferencing systems is related to the lack of necessary checks during password changes. Exploiting this vulnerability can allow a remote attacker to change the administrator’s password...
CVE-2023-28845
Nextcloud Talk is a video & audio conferencing app for Nextcloud. In affected versions the Talk app does not properly filter access to a conversation's member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...
CVE-2023-28845 Chat room membership disclosed via autocompletion in Nextcloud talk
Nextcloud Talk is a video & audio conferencing app for Nextcloud. In affected versions the Talk app does not properly filter access to a conversation's member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...
CVE-2023-28845
CVE-2023-28845 affects Nextcloud Talk (the video/audio conferencing app) and stems from improper filtering of access to a conversation’s member list. This could allow an attacker to retrieve information about members of a Talk conversation even if they are not a member themselves. Public disclosu...
CVE-2022-41971
Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public...
CVE-2022-24890
CVE-2022-24890 (Nextcloud Talk) affects Nextcloud Talk prior to versions 13.0.5 and 14.0.0, where a call moderator could indirectly enable a user's webcam by granting permissions that were removed. The underlying issue is exposure of webcam permissions that could be re-enabled without user consen...
CVE-2022-24890 Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...
CVE-2022-24887
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed...
Code injection
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed...
CVE-2022-24887
CVE-2022-24887 – Open Redirect in Nextcloud Talk: The issue affects Nextcloud Talk prior to versions 11.3.4, 12.2.2, and 13.0.0. When sharing a Deck card in a conversation, the metaData can be manipulated to trick users into opening arbitrary URLs. The vulnerability is fixed in the cited patched...
Mitel Networks MiCollab Licensing Issue Vulnerability
An authorization issue vulnerability exists in Mitel Networks MiCollab, a mobile application from Mitel Networks Canada that provides voice, video, messaging, audio conferencing, and team collaboration for employees. It stems from the fact that the product's MiCollab Client Service component does not validate...
Bugs in Grandstream Gear Lay Open SMBs to Range of Attacks
A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs. Affected Products According t...
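Cisco WebEx Training Center Email Verification Bypass Audio Conference Join Vulnerability
Bugtraq ID:64281 CVE ID:CVE-2013-6965 Cisco WebEx Training Center is an interactive training solution for delivering e-learning. The Cisco WebEx Training Center registration page contains a security vulnerability that allows an unauthenticated remote attacker to join the audio conference of a training session without providing a valid email address. The vulnerability is caused by the training session information URL being leaked before registration is complete; an attacker can collect the training session access code and password from the leaked URL and use this information to join restricted meetings. 0 Cisco WebEx Training Center Vendor patch: Cisco ----- Users can refer to the following vendor security advisory to obtain the patch info...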
Remotely Exploitable Bug Affects Wide Range of Cisco TelePresence Systems
There’s a serious vulnerability in Cisco’s popular TelePresence system that could give an attacker complete control of the affected system. The vulnerability affects a broad range of TelePresence models, although there are workarounds available. The vulnerability results from the fact that there...
[DDSi-SA] XSS in Raindance Communications Web Conferencing Pro
-= DDSi Security Advisory =- March 24, 2006 ---------------------------------------------------------------- Vendor: Raindance Communications, Inc. Raindance offers audio and web conferencing solutions for more effective web meetings. Integrated web, audio and internet video conferencing makes...
CVE-2003-1129
Vulnerability: Yahoo! Audio Conferencing (Voice Chat) ActiveX control prior to 1.0.0.45 is affected by a buffer overflow when processing a URL with a long hostname to Yahoo! Messenger/Chat. Impact: remote DoS and possible arbitrary code execution. Affected component: Yahoo! Audio Conferencing Act...
CVE-2003-1129
Buffer overflow in the Yahoo! Audio Conferencing aka Voice Chat ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat...
CVE-2003-1129
Buffer overflow in the Yahoo! Audio Conferencing aka Voice Chat ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat...