CVE-2023-49863

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLwebpimage parameter...

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...

Design/Logic Flaw

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

PT-2024-13424 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 15fed957fb Description: An information disclosure issue exists in the aVideoEncoder.json.php chunkFile path functionality. A specially crafted HTTP request can lead to arbitrary file read...

PT-2024-13524 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a serie...

WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2023-1882 WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting XSS vulnerability January 10, 2024 CVE Number CVE-2023-48730 SUMMARY A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev...