21 matches found
Security Vulnerability in Multiple HP Products
HP TC8 and HP TC10 are both video conferencing systems from Hewlett-Packard (HP) in the United States. A security vulnerability exists in various HP products that stems from sensitive data being written to log files, which could lead to information disclosure...
HP TC8 Security Vulnerability
HP TC8 is a video conferencing system from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP TC8 versions prior to 6.3.2, which stems from a failure to properly sanitize user input...
CVE-2022-23488
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...
CVE-2022-41964
CVE-2022-41964 affects BigBlueButton prior to version 2.4.0. The vulnerability allows a meeting presenter to subscribe to poll results before an anonymous poll starts, enabling viewing of individual responses in the poll. Root cause is an information-disclosure flaw in the poll result subscriptio...
Code injection
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...
CVE-2022-41962
BigBlueButton contains a vulnerability (CVE-2022-41962) described as Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users, whereas moderators should only be able to set none. Affected versions are p...
PT-2022-26186 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4-rc-6; BigBlueButton versions prior to 2.5-alpha-1. Description: BigBlueButton is an open source web conferencing system. The issue concerns Incorrect Authorization for setting emoji status. A user with...
CVE-2022-41960 BigBlueButton contains DoS via failed authToken validation
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId, meetingId, and an invalid authToken. Th...
BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-65311)
BigBlueButton is a web conferencing system. Versions prior to BigBlueButton 2.4.8 and prior to 2.5.0 have a cross-site scripting vulnerability that stems from the fact that users in private chat-enabled conferences are vulnerable to cross-site scripting attacks. An attacker could exploit the...
CVE-2022-31064
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker, with XSS in the name, starts a chat. In the victim's client the JavaScript will be executed...
Arbitrary File Download Vulnerability in v2 Video Conferencing System
V2 (for short) is a high-tech enterprise focusing on Internet audio and video communication technology, and the v2 video conferencing system is one of its video conferencing systems. The v2 video conferencing system has an arbitrary file download vulnerability; attackers can use the vulnerability to download t...
File Read Vulnerability in OM Web Video Conferencing System
The video conferencing system is a real-time interactive online meeting system. A file read vulnerability exists in OM Web Video Conferencing System, which can be exploited by attackers to obtain sensitive information...
SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system
Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...
SQL Injection Vulnerability in Gobetter Video Conferencing System of Beijing Gobetter Technology Co.
The Gobetter network video conferencing system supports a variety of application scenarios such as work meetings, remote training, product sales, online seminars, consulting services and so on. There is a SQL injection vulnerability in the searchparam parameter of Gobetter videoconferencing system of...
SQL Injection Vulnerability in Video Conferencing System of Tangqiao Technology (Hangzhou) Co.
Video conferencing system is a remote collaborative video software, a kind of cloud conference system developed by Tangqiao Technology Hangzhou Co. The product suffers from an SQL injection vulnerability, which can be exploited by attackers to obtain database data...
Arbitrary File Read Vulnerability in Video Conferencing System of Tangqiao Technology (Hangzhou) Co.
Tangqiao Technology Hangzhou Co., Ltd. is the world's leading provider of converged video communication cloud services; its video conferencing system is remote collaborative video software. The product has an arbitrary file reading vulnerability, which can be exploited by an attacker to read server...
Multiple Vulnerabilities in Beijing Wisdom Technology v2 Video Conferencing System
Beijing Wisdom Technology v2 Video Conferencing System is a video conferencing system. There are several vulnerabilities in the v2 Video Conferencing System. They allow attackers to upload a webshell and gain server privileges...
Armidale Software Yapp Conferencing System 2.2 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence of the vulnerability being exploited is a...
Assange's Asylum In The Balance, Researcher Warns Ecuador's Deliberations Are Vulnerable To Online Snooping
With Wikileaks founder Julian Assange anxiously awaiting word from the government of Ecuador on his request for political asylum, a security researcher warns that the country’s Ministry of Foreign Affairs, which is handling the Assange asylum request, is using a video conferencing system that is...
Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence of the vulnerability being exploited is a local root compromise. / Explo...