4 matches found
CVE-2020-36894
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...
EUVD-2020-30839
Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system...
CVE-2020-36894 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...
Eibiz i-Media Server Digital Signage 访问控制错误漏洞
Eibiz i-Media Server Digital Signage is a digital signage server from Eibiz Thailand. An access control error vulnerability exists in Eibiz i-Media Server Digital Signage version 3.8.0, which stems from the existence of elevation of privilege in the updateUser object, which could lead to account...