Lucene search
K

235 matches found

Cvelist
Cvelist
added 2024/11/21 10:54 p.m.17 views

CVE-2024-52055 Application Copy Path Traversal in Wowza Streaming Engine

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file...

8.2CVSS0.00974EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 10:54 p.m.15 views

CVE-2024-52055 Application Copy Path Traversal in Wowza Streaming Engine

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file...

8.2CVSS6.7AI score0.00974EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 10:54 p.m.65 views

CVE-2024-52055

The CVE-2024-52055 vulnerability affects Wowza Streaming Engine Manager (the Manager web app) and is a path traversal issue in versions prior to 4.9.1. An administrator user can read arbitrary files on the server if the target directory contains an XML definition file, due to insufficient restric...

8.2CVSS6.3AI score0.00974EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/21 10:46 p.m.24 views

CVE-2024-52054 Application Creation Path Traversal in Wowza Streaming Engine

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...

5.1CVSS0.00727EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 10:46 p.m.20 views

CVE-2024-52054 Application Creation Path Traversal in Wowza Streaming Engine

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...

5.1CVSS6.8AI score0.00727EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 10:46 p.m.70 views

CVE-2024-52054

Wowza Streaming Engine Manager in affected versions prior to 4.9.1 is vulnerable to a path traversal flaw that lets an administrator create an XML definition file anywhere on the file system due to insufficient directory path restrictions. Affected product: Wowza Streaming Engine (Manager compone...

5.1CVSS6.5AI score0.00727EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/21 10:31 p.m.17 views

CVE-2024-52053 Stored Cross-Site Scripting in Wowza Streaming Engine

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts...

8.7CVSS0.00641EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 10:31 p.m.58 views

CVE-2024-52053

CVE-2024-52053 affects Wowza Streaming Engine Manager prior to version 4.9.1, where an unauthenticated stored cross-site scripting (XSS) vulnerability in the Manager web dashboard can inject client-side JavaScript and enable hijacking of admin accounts. Technical details across connected sources ...

9.6CVSS5.9AI score0.00641EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/21 10:31 p.m.16 views

CVE-2024-52053 Stored Cross-Site Scripting in Wowza Streaming Engine

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts...

8.7CVSS6.1AI score0.00641EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 10:20 p.m.90 views

CVE-2024-52052

CVE-2024-52052 affects Wowza Streaming Engine prior to 4.9.1, with the vulnerability rooted in insufficient input validation in the Manager web dashboard. An authenticated Streaming Engine Manager administrator can define a custom application property and poison a stream target, enabling high-pri...

9.4CVSS7.3AI score0.00479EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/21 10:20 p.m.27 views

CVE-2024-52052 Stream Target Remote Code Execution in Wowza Streaming Engine

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution...

9.4CVSS0.00479EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 10:20 p.m.16 views

CVE-2024-52052 Stream Target Remote Code Execution in Wowza Streaming Engine

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution...

9.4CVSS7.6AI score0.00479EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.2 views

Wowza Media Systems Wowza Streaming Engine 路径遍历漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and extensible media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A path traversal vulnerability exists in Wowza Media Systems Wowza Streami...

8.2CVSS6.5AI score0.00974EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.4 views

Wowza Media Systems Wowza Streaming Engine 安全漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and extensible media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A security vulnerability exists in Wowza Media Systems Wowza Streaming...

9.4CVSS6.7AI score0.00479EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.8 views

Wowza Media Systems Wowza Streaming Engine 路径遍历漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and scalable media server software from Wowza Media Systems, Inc. It is used to reliably stream high-quality video and audio to any device, anywhere. A path traversal vulnerability exists in Wowza Media Systems Wowza Streaming...

5.1CVSS6.6AI score0.00727EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.6 views

Wowza Media Systems Wowza Streaming Engine 路径遍历漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and scalable media server software from Wowza Media Systems, Inc. It is used to reliably stream high-quality video and audio to any device, anywhere. A path traversal vulnerability exists in Wowza Media Systems Wowza Streaming...

6.9CVSS6.5AI score0.00677EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.5 views

Wowza Media Systems Wowza Streaming Engine 跨站脚本漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and extensible media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A cross-site scripting vulnerability exists in Wowza Media Systems Wowza...

9.6CVSS6AI score0.00641EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2024/11/20 4:42 p.m.29 views

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...

9.4CVSS7AI score0.00974EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/11/20 4:42 p.m.5 views

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...

9.6CVSS7.7AI score0.00974EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.3 views

PT-2024-8650 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to Stored Cross-Site Scripting in the Manager component, which allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard. This c...

9.6CVSS5.8AI score0.00641EPSS
Exploits0References6
Rows per page
Query Builder