Lucene search

K
ApacheOpenmeetings

9 matches found

CVE
CVE
added 2020/09/30 6:15 p.m.99 views

CVE-2020-13951

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.

7.5CVSS7.3AI score0.49524EPSS
CVE
CVE
added 2021/03/15 9:15 a.m.80 views

CVE-2021-27576

If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0

7.5CVSS7.3AI score0.05921EPSS
CVE
CVE
added 2017/07/17 1:18 p.m.61 views

CVE-2017-7683

Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.

7.5CVSS7.6AI score0.00609EPSS
CVE
CVE
added 2017/07/17 1:18 p.m.58 views

CVE-2017-7684

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.

7.5CVSS7.3AI score0.01505EPSS
CVE
CVE
added 2017/07/17 1:18 p.m.57 views

CVE-2017-7688

Apache OpenMeetings 1.0.0 updates user password in insecure manner.

7.5CVSS7.6AI score0.0111EPSS
CVE
CVE
added 2016/04/11 2:59 p.m.54 views

CVE-2016-2164

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

7.5CVSS7.4AI score0.01232EPSS
CVE
CVE
added 2017/07/17 1:18 p.m.51 views

CVE-2017-7680

Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.

7.5CVSS7.5AI score0.01253EPSS
CVE
CVE
added 2016/04/11 2:59 p.m.39 views

CVE-2016-0783

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

7.5CVSS7.6AI score0.01465EPSS
CVE
CVE
added 2023/05/12 8:15 a.m.39 views

CVE-2023-29246

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

7.2CVSS7.1AI score0.00065EPSS