CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file...

6.5CVSS5.8AI score0.00167EPSS

Exploits0References2

NVD•added 2024/11/21 11:15 p.m.•16 views

CVE-2024-52054

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...

5.1CVSS0.00204EPSS

Exploits0References2

OSV•added 2024/11/21 11:15 p.m.•3 views

CVE-2024-52054

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...

2.7CVSS5.8AI score0.00204EPSS

Exploits0References2

NVD•added 2024/11/21 11:15 p.m.•13 views

CVE-2024-52055

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file...

8.2CVSS0.00184EPSS

Exploits0References2

OSV•added 2024/11/21 11:15 p.m.•2 views

CVE-2024-52055

4.9CVSS5.8AI score

Exploits0References2

Cvelist•added 2024/11/21 10:59 p.m.•12 views

CVE-2024-52056 Application Delete Path Traversal in Wowza Streaming Engine

6.9CVSS0.00167EPSS

Exploits0References2

CVE•added 2024/11/21 10:54 p.m.•55 views

CVE-2024-52055

The CVE-2024-52055 vulnerability affects Wowza Streaming Engine Manager (the Manager web app) and is a path traversal issue in versions prior to 4.9.1. An administrator user can read arbitrary files on the server if the target directory contains an XML definition file, due to insufficient restric...

8.2CVSS6.3AI score0.00184EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/11/21 10:54 p.m.•13 views

CVE-2024-52055 Application Copy Path Traversal in Wowza Streaming Engine

8.2CVSS6.7AI score0.00184EPSS

Exploits0References2

Vulnrichment•added 2024/11/21 10:46 p.m.•18 views

CVE-2024-52054 Application Creation Path Traversal in Wowza Streaming Engine

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system...

5.1CVSS6.8AI score0.00204EPSS

Exploits0References2

Positive Technologies•added 2024/07/30 12:0 a.m.•2 views

PT-2024-8654 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to delete any directory on...

6.9CVSS7.4AI score0.00167EPSS

Exploits0References6

Positive Technologies•added 2024/07/30 12:0 a.m.•1 views

PT-2024-8653 · Wowza · Wowza Streaming Engine

8.2CVSS7AI score0.00184EPSS

Exploits0References6

Github Security Blog•added 2023/12/01 12:31 a.m.•47 views

Apache Tiles: Unvalidated input may lead to path traversal and XXE

The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...

7.5CVSS7.5AI score0.00567EPSS

Exploits0References3Affected Software3

OSV•added 2023/11/30 10:15 p.m.•14 views

CVE-2023-49735

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

7.5CVSS6.2AI score

Exploits0References1