16 matches found
Authorization Bypass Through User-Controlled Key
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the save.json.php process. An attacker can access and exfiltrate confidential AI-generated metadata and...
CVE-2026-33493 AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...
CVE-2026-33493 AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...
EUVD-2020-16951
Malware in sbrugna...
TikTok: View thumbnail of any private video (friends or followers only) of Private/Public account
Vulnerability description not provided...
PeerTube Access Control Error Vulnerability (CNVD-2022-18322)
PeerTube is a decentralized video sharing service platform. Used to produce video projects, PeerTube suffers from an access control error vulnerability that stems from a network system or product that does not properly restrict access to resources from unauthorized roles, which could be exploited...
PeerTube Access Control Error Vulnerability
PeerTube is a decentralized video sharing service platform. Used to produce video projects, PeerTube suffers from an access control error vulnerability that stems from a network system or product that does not properly restrict access to resources from unauthorized roles, which could be exploited...
Hardcoded credentials
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...
CVE-2020-24216
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...
Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack
A popular consumer-grade security camera made by TP-Link and sold under the Kasa brand has a bevy of bugs that open the hardware to remote attacks, such as giving hackers access to private video feeds and the ability to change device settings. The researcher Jason Kent, with Cequence Security,...
Brazzers Scenes Direct Download Private Video Vulnerability
A manageable direct download for Brazzers’ scenes suffer in any available quality. It is sort of authentication backdoor. This is private exploit. You can buy it at https://0day.today...
Pornhub: View storyboard of private video @ ht.pornhub.com
The researcher was able to abuse the API in order to leak the thumbnails of private videos...
Vimeo: USER PRIVACY VIOLATED (PRIVATE DATA GETTING TRANSFER OVER INSECURE CHANNEL)
Hello Team, Description: this report is about how a user's private data is getting exploded over an insecure channel. While testing the iOS app of Vimeo, I am analyzing all the traffic and came to know the video which is uploaded in my account and whose privacy setting is private only is getting...
FreeBSD : opera -- multiple vulnerabilities (aab187d4-e0f3-11df-b1ea-001999392805)
The Opera Desktop Team reports: - Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. - Fixed an issue where manipulating the window could be used to spoof the page address. - Fixed an issue with reloads and redirect...
Opera < 10.63 Multiple Vulnerabilities
Binary data 5678.prm...
Private video streams can be intercepted – Opera Security Advisories
OPCOM Team | October 6, 2010. Severity: Moderate. Description: Video content may be used as filler content for an HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the...