Logitech Streamlabs Desktop 1.19.6 CPU Exhaustion
Logitech Streamlabs Desktop version 1.19.6 has a vulnerability where importing a crafted .overlay file can cause uncontrolled CPU consumption, leading to a denial-of-service condition. The .overlay file is an archive containing a config.json configuration. By inserting an excessively large string...
Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion
Summary: Streamlabs Desktop is a free streaming and recording software, built on OBS Studio, for content creators to stream live to platforms like Twitch, YouTube, and Facebook. It is designed to be beginner-friendly and offers tools for creating engaging streams, such as customizable overlays,...
EUVD-2022-38981
Malicious code in bioql PyPI...
CVE-2022-36263
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file...
Improper access control
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file...
CVE-2022-36263
CVE-2022-36263 affects StreamLabs Desktop Application 1.9.0. The vulnerability originates from Incorrect Access Control in the obs64.exe component, allowing an attacker to execute arbitrary code by supplying a crafted .exe file. Documents consistently describe the impact as arbitrary code executi...
PT-2022-23281 · Streamlabs · Streamlabs Desktop Application
Name of the Vulnerable Software and Affected Versions: StreamLabs Desktop Application version 1.9.0
Description: The issue is related to Incorrect Access Control via the obs64.exe component. An attacker can execute arbitrary code by using a crafted .exe file.
Recommendations: For StreamLabs Deskt...
StreamLabs Desktop Application security vulnerability
StreamLabs Desktop Application is a free live streaming and recording software from StreamLabs USA. A security vulnerability exists in StreamLabs Desktop Application version 1.9.0, which stems from the presence of incorrect access control via obs64.exe, and allows an attacker to execute arbitrary...
Logitech: Privilege Escalation Leads to Control The Owner Access Token Which leads to control the stream [streamlabs.com]
Hi Security team, Summary: I was able as Administrator to change the account owner access token Description: As Administrator I have high privileges but I have some restricted areas F1278364 For example I got invitation from MrX with Administrator role. When I navigated to MrX account as...
The Gaming Platforms That Let Streamers Profit From Hate
WIRED has found dozens of far-right and white supremacist figures monetizing their livestreams through “donation management services” Streamlabs and StreamElements...
Logitech: Sensitive information disclosure to shared access user via streamlabs platform api
Summary: Hi there, Hope you are doing well and stay safe. Streamlabs allows us to invite other users to manage our dashboard and cloudbot functions via the following setting, which is named "Shared Access". https://streamlabs.com/dashboard/settings/shared-access If we invite other users with Moderator rol...
Logitech: Manipulating response leads to free access to Streamlabs Prime
Heyy team, I have found a cool bug which allows me to get access to streamlabs prime features for free. Here is the api endpoint which checks whether the user has a prime subscription or not: https://streamlabs.com/api/v5/user/prime/subscription json "isactive": false, "ispending": false,...
Logitech: Stored XSS in [https://streamlabs.com/dashboard#/*goal] pages
Heyy there, I have found a stored xss vulnerability in the following goals setting pages. https://streamlabs.com/dashboard/followergoal https://streamlabs.com/dashboard/bitgoal https://streamlabs.com/dashboard/subgoal https://streamlabs.com/dashboard/tiltifydonationgoal...
Logitech: One Click Account takeover using OAuth CSRF bypass by adding Null byte %00 in state parameter on www.streamlabs.com
Summary Hello Team I have found a bypass to this report. 1039749 Steps To Reproduce: 1. Login to attacker's account and go to settings -- account settings. 2. Intercept the request in burp suite and click on merge twitch account. 3. Allow twitch access and once you see a get request in burp...
Logitech: IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field
Summary: Hi team, There is an IDOR when applying to platform.streamlabs.com after logging in. If you login to platform.streamlabs.com and click Create App. You will see the "apply form". And if you submit it, you will see the userid parameter in JSON data of the apply request. api/v1/store/whitelis...
streamlabs.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1164638 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
staging-youtube.streamlabs.com Open Redirect vulnerability
Vulnerable URL: https://staging-youtube.streamlabs.com/logout?r=https://www.openbugbounty.org/

Details:

Description | Value
---|---
Patched: | Yes, at 28.07.2017
Latest check for patch: | 28.07.2017 12:28 GMT
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclosed
Alexa Rank | ...