Lucene search
K

21 matches found

CNNVD
CNNVD
added 2025/12/16 12:0 a.m.5 views

HP多款产品 安全漏洞

HP TC8 and HP TC10 are both a video conferencing system from Hewlett-Packard HP USA. A security vulnerability exists in various HP products that stems from sensitive data being written to log files, which could lead to information disclosure...

8.1CVSS6.3AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

HP TC8 安全漏洞

HP TC8 is a video conferencing system from Hewlett-Packard HP in the United States. A security vulnerability exists in HP TC8 versions prior to 6.3.2, which stems from an inability to properly clean up user input...

7.5CVSS6.6AI score0.0039EPSS
Exploits0References1
NVD
NVD
added 2022/12/17 1:15 a.m.21 views

CVE-2022-23488

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...

7.5CVSS0.0057EPSS
Exploits0References2
CVE
CVE
added 2022/12/16 5:17 p.m.94 views

CVE-2022-41964

CVE-2022-41964 affects BigBlueButton prior to version 2.4.0. The vulnerability allows a meeting presenter to subscribe to poll results before an anonymous poll starts, enabling viewing of individual responses in the poll. Root cause is an information-disclosure flaw in the poll result subscriptio...

5.7CVSS5.4AI score0.00551EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/12/16 1:15 p.m.24 views

Code injection

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...

4CVSS4.5AI score0.0028EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/12/16 12:45 p.m.91 views

CVE-2022-41962

BigBlueButton contains a vulnerability (CVE-2022-41962) described as Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users, whereas moderators should only be able to set none. Affected versions are p...

2.7CVSS3.5AI score0.00655EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/16 12:0 a.m.4 views

PT-2022-26186 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4-rc-6 BigBlueButton versions prior to 2.5-alpha-1 Description: BigBlueButton is an open source web conferencing system. The issue concerns Incorrect Authorization for setting emoji status. A user with...

2.7CVSS3.7AI score0.00655EPSS
Exploits0References7
OSV
OSV
added 2022/12/15 11:56 p.m.28 views

CVE-2022-41960 BigBlueButton contains DoS via failed authToken validation

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId, meetingId, and an invalid authToken. Th...

4.3CVSS4.9AI score0.00361EPSS
Exploits0References5
CNVD
CNVD
added 2022/06/30 12:0 a.m.20 views

BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-65311)

BigBlueButton is a Web conferencing system. versions prior to BigBlueButton 2.4.8 and prior to 2.5.0 have a cross-site scripting vulnerability that stems from the fact that users in private chat-enabled conferences are vulnerable to cross-site scripting attacks. An attacker could exploit the...

2.1CVSS4AI score0.01179EPSS
Exploits3Affected Software1
NVD
NVD
added 2022/06/27 8:15 p.m.43 views

CVE-2022-31064

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker with xss in the name starts a chat. in the victim's client the JavaScript will be executed...

6.5CVSS0.01179EPSS
Exploits3References6
CNVD
CNVD
added 2020/12/11 12:0 a.m.3 views

Arbitrary File Download Vulnerability in v2 Video Conferencing System

V2 for short is a high-tech enterprise focusing on Internet audio and video communication technology, and v2 video conference system is one of its video conference systems. v2 video conferencing system has an arbitrary file download vulnerability, attackers can use the vulnerability to download t...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/06/23 12:0 a.m.1 views

File Read Vulnerability in OM Web Video Conferencing System

The video conferencing system is a real-time interactive online meeting system. A file read vulnerability exists in OM Web Video Conferencing System, which can be exploited by attackers to obtain sensitive information...

6.7AI score
Exploits0
CNVD
CNVD
added 2017/02/17 12:0 a.m.2 views

SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system

Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...

7.9AI score
Exploits0References1
CNVD
CNVD
added 2016/08/29 12:0 a.m.4 views

SQL Injection Vulnerability in Gobetter Video Conferencing System of Beijing Gobetter Technology Co.

Gobalt network video conferencing system supports a variety of application scenarios such as work meetings, remote training, product sales, online seminars, consulting services and so on. There is a SQL injection vulnerability in the searchparam parameter of Gobetter videoconferencing system of...

8AI score
Exploits0References1
CNVD
CNVD
added 2016/07/29 12:0 a.m.1 views

SQL Injection Vulnerability in Video Conferencing System of Tangqiao Technology (Hangzhou) Co.

Video conferencing system is a remote collaborative video software, a kind of cloud conference system developed by Tangqiao Technology Hangzhou Co. The product suffers from an SQL injection vulnerability, which can be exploited by attackers to obtain database data...

8AI score
Exploits0References1
CNVD
CNVD
added 2016/07/29 12:0 a.m.1 views

Arbitrary File Read Vulnerability in Video Conferencing System of Tangqiao Technology (Hangzhou) Co.

Tangqiao Technology Hangzhou Co., Ltd. is the world's leading provider of converged video communication cloud services, video conferencing system is a remote collaborative video software. The product has an arbitrary file reading vulnerability, which can be exploited by an attacker to read server...

7AI score
Exploits0References1
CNVD
CNVD
added 2016/05/21 12:0 a.m.2 views

Multiple Vulnerabilities in Beijing Wisdom Technology v2 Video Conferencing System

Beijing Wisdom Technology v2 Video Conferencing System is a video conferencing system. There are several vulnerabilities in the v2 Video Conferencing System. It allows attackers to upload webshell and gain server privileges...

7.2AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Armidale Software Yapp Conferencing System 2.2 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence of the vulnerability being exploited is a...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2012/06/27 5:59 p.m.12 views

Assange's Asylum In The Balance, Researcher Warns Ecuador's Deliberations Are Vulnerable To Online Snooping

With Wikileaks founder Julian Assange anxiously awaiting word from the government of Ecuador on his request for political asylum, a security researcher warns that the country’s Ministry of Foreign Affairs, which is handling the Assange asylum request, is using a video conferencing system that is...

7.1AI score
Exploits0References6
Exploit DB
Exploit DB
added 1998/01/20 12:0 a.m.27 views

Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence of the vulnerability being exploited is a local root compromise. / Explo...

7.4AI score
Exploits0
Rows per page
Query Builder