6 matches found
CVE-2026-56345
AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...
CVE-2026-56345 AVideo - Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint
AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...
Sextortion “I recorded you” emails reuse passwords found in disposable inboxes
Our malware removal support team recently flagged a new wave of sextortion emails, with the subject line: “You pervert, I recorded you!” If the message sounds familiar, that's because it's a variation of the long-running "Hello pervert" scam. The email claims the target’s device has been infected...
Cross-site Scripting (XSS) - Stored in knadh/listmonk
✍️ Description Stored xss 🕵️♂️ Proof of Concept Check this recorded video https://drive.google.com/file/d/1wlbisKCbYUZprOkAGzWGRQm0f-LDRD/view?usp=sharing 💥 Impact xss...
CVE-2019-12763
The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application...
Avira Analysis - Filter Bypass & SQL Injection Vulnerability
Document Title: =============== Avira Analysis - Filter Bypass & SQL Injection Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=998 Public Video: http://www.youtube.com/watch?v=128cIzgt2EI Advisory: http://www.vulnerability-lab.com/getcontent.php?id=997...