4441 matches found
CVE-2022-32778
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2022-33147
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder...
CVE-2022-32778
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2022-33147
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder...
CVE-2022-32761
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-29468
A cross-site request forgery CSRF vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability...
CVE-2022-28710
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
Sql injection
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the CloneSite plugi...
Sql injection
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...
Sql injection
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder...
Sql injection
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...
CVE-2022-34652
WWBN AVideo multiple CVEs describe a SQL injection in ObjectYPT’s Live Schedules feature for version 11.6 and dev master commit 3f7c0364. The vulnerability arises from unsanitized input used to build SQL in ObjectYPT, Live_schedule and related classes (notably description/title fields) via insert...
CVE-2022-33147
WWBN AVideo 11.6 (and dev master commit 3f7c0364) is affected by CVE-2022-33147 via the ObjectYPT/Video encoding path. The vulnerability is a SQL injection in the aVideoEncoder.save flow, where unsanitized inputs setDuration and setVideoDownloadedLink can be embedded into SQL during INSERT/UPDATE...
CVE-2022-32778
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2022-32772
A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...
PT-2022-22271 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 11.6 WWBN AVideo dev master commit 3f7c0364 Description: A SQL injection issue exists in the ObjectYPT functionality, specifically within the Live Schedules plugin. This allows an attacker to inject SQL by manipulating the...
PT-2022-21452 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 3f7c0364 Description: A cross-site scripting xss vulnerability exists in the footer alerts functionality. This issue allows for arbitrary Javascript execution through a specially-crafted HTTP...
Malicious code in webpback-dev-esrver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a8d0d272d86340f504944bad6bcbfca405fd215d44bdb0a9b2e77110713c88a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7105 Malicious code in webpback-dev-esrver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a8d0d272d86340f504944bad6bcbfca405fd215d44bdb0a9b2e77110713c88a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...