Lucene search
K
WowzaStreaming Engine

26 matches found

CVE
CVE
added 2020/05/18 4:40 p.m.105 views

CVE-2019-19454

The CVE-2019-19454 issue affects Wowza Streaming Engine (

7.5CVSS7.5AI score0.01551EPSS
CVE
CVE
added 2020/05/18 4:43 p.m.102 views

CVE-2019-19456

CVE-2019-19456 describes a reflected XSS in Wowza Streaming Engine (

6.1CVSS5.9AI score0.00997EPSS
CVE
CVE
added 2024/11/21 10:20 p.m.90 views

CVE-2024-52052

CVE-2024-52052 affects Wowza Streaming Engine prior to 4.9.1, with the vulnerability rooted in insufficient input validation in the Manager web dashboard. An authenticated Streaming Engine Manager administrator can define a custom application property and poison a stream target, enabling high-pri...

9.4CVSS7.3AI score0.00479EPSS
CVE
CVE
added 2019/03/18 7:58 p.m.72 views

CVE-2018-19365

Wowza Streaming Engine 4.7.4.01 REST API is vulnerable to directory-traversal, allowing remote attackers to read arbitrary files via crafted HTTP requests. Root cause: insufficient validation in the REST API path enables traversal of the server’s directory structure. Impact: potential unauthorize...

9.1CVSS9.1AI score0.22292EPSS
In wild
CVE
CVE
added 2024/11/21 10:46 p.m.71 views

CVE-2024-52054

Wowza Streaming Engine Manager in affected versions prior to 4.9.1 is vulnerable to a path traversal flaw that lets an administrator create an XML definition file anywhere on the file system due to insufficient directory path restrictions. Affected product: Wowza Streaming Engine (Manager compone...

5.1CVSS6.5AI score0.00727EPSS
CVE
CVE
added 2021/10/05 3:12 p.m.67 views

CVE-2021-35492

The CVE affects Wowza Streaming Engine up to version 4.8.11+5. An authenticated, remote attacker could exhaust filesystem resources by repeatedly requesting random virtual-host historical data through the /enginemanager/server/vhost/historical.jsdata parameter in the Virtual Host Monitoring secti...

6.5CVSS6.4AI score0.03284EPSS
Web
CVE
CVE
added 2020/04/14 2:50 p.m.66 views

CVE-2020-9004

CVE-2020-9004 describes a remote authenticated authorization-bypass in Wowza Streaming Engine (versions 4.8.0 and earlier) where a read-only user could issue requests to the admin panel to change functionality, including activating the Java JMX port in unauthenticated mode and executing OS comman...

9CVSS8.5AI score0.03531EPSS
CVE
CVE
added 2024/11/21 10:54 p.m.65 views

CVE-2024-52055

The CVE-2024-52055 vulnerability affects Wowza Streaming Engine Manager (the Manager web app) and is a path traversal issue in versions prior to 4.9.1. An administrator user can read arbitrary files on the server if the target directory contains an XML definition file, due to insufficient restric...

8.2CVSS6.3AI score0.00974EPSS
CVE
CVE
added 2021/04/23 4:11 p.m.61 views

CVE-2021-31539

CVE-2021-31539 affects Wowza Streaming Engine prior to 4.8.8.01. In default installations, cleartext passwords are stored in conf/admin.password, allowing a local user to read usernames and passwords. Multiple connected sources confirm the issue and reference the 4.8.8.01 release as the fix. Reme...

5.5CVSS5.2AI score0.00299EPSS
CVE
CVE
added 2021/04/23 4:10 p.m.60 views

CVE-2021-31540

CVE-2021-31540 affects Wowza Streaming Engine up to version 4.8.5 in a default installation. The root cause is incorrect file permissions in the conf/ directory, allowing a regular local user to read and write all configuration files and potentially modify the application server configuration. Do...

7.1CVSS6.7AI score0.00389EPSS
CVE
CVE
added 2024/11/21 10:31 p.m.59 views

CVE-2024-52053

CVE-2024-52053 affects Wowza Streaming Engine Manager prior to version 4.9.1, where an unauthenticated stored cross-site scripting (XSS) vulnerability in the Manager web dashboard can inject client-side JavaScript and enable hijacking of admin accounts. Technical details across connected sources ...

9.6CVSS5.9AI score0.00641EPSS
CVE
CVE
added 2020/08/03 1:25 p.m.58 views

CVE-2019-19455

CVE-2019-19455 affects Wowza Streaming Engine prior to 4.8.5. The issue is insecure permissions in /usr/local/WowzaStreamingEngine/manager/bin/ that could let a local attacker write arbitrary commands and execute them as root, enabling privilege escalation. Resolution: fixed in 4.8.5. Connected s...

7.8CVSS7.7AI score0.00372EPSS
CVE
CVE
added 2020/01/29 3:21 p.m.58 views

CVE-2019-7656

CVE-2019-7656 affects Wowza Streaming Engine 4.8.0 and earlier. The root cause is overly relaxed permissions on core binaries under /usr/local/WowzaStreamingEngine/bin/, enabling a local unprivileged user to inject a payload (for example by replacing /usr/local/WowzaStreamingEngine/bin/tune.sh) a...

7.8CVSS7.8AI score0.00451EPSS
CVE
CVE
added 2024/11/21 10:59 p.m.57 views

CVE-2024-52056

The CVE-2024-52056 issue affects Wowza Streaming Engine Manager, specifically versions prior to 4.9.1. The vulnerability is a path traversal flaw in the Manager component that lets an administrator delete any directory on the file system if the directory contains an XML definition file. Root caus...

6.9CVSS6.5AI score0.00677EPSS
CVE
CVE
added 2018/03/05 6:0 p.m.56 views

CVE-2017-16922

Vulnerability in Wowza Streaming Engine (com.wowza.wms.timedtext.http.HTTPProviderCaptionFile) allows directory traversal and file retrieval via a remote HTTP request, affecting versions before 4.7.1. The root cause is the HTTPProviderCaptionFile’s handling of crafted requests that enables path t...

5.3CVSS5.3AI score0.01443EPSS
CVE
CVE
added 2021/10/05 3:10 p.m.56 views

CVE-2021-35491

CVE-2021-35491 affects Wowza Streaming Engine prior to 4.8.14. A CSRF vulnerability allows remote attackers to delete a user account via GET /enginemanager/server/user/delete.htm with a userName parameter. The issue arises because the application does not implement a CSRF token for the GET reques...

8.1CVSS8.1AI score0.00854EPSS
Web
CVE
CVE
added 2020/01/29 3:25 p.m.55 views

CVE-2019-7655

The CVE-2019-7655 entry affects Wowza Streaming Engine 4.8.0 and earlier, with multiple authenticated XSS vulnerabilities exposed via (1) customList[0].value in enginemanager/server/serversetup/edit_adv.htm and (2) the host field in enginemanager/j_spring_security_check of the login form. Affecte...

5.4CVSS5.3AI score0.00949EPSS
Web
CVE
CVE
added 2018/03/01 8:0 p.m.53 views

CVE-2018-7047

CVE-2018-7047 affects Wowza Streaming Engine prior to 4.7.1. The vulnerability is in the MBeans Server where the filesystem can be read and written via JMX using the default JMX credentials, with remote code execution possible. Impact includes potential unauthorized file access and execution of c...

9.8CVSS9.4AI score0.02359EPSS
CVE
CVE
added 2020/01/29 3:18 p.m.53 views

CVE-2019-7654

CVE-2019-7654 affects Wowza Streaming Engine 4.8.0 and earlier, with multiple CSRF vulnerabilities in the Server->Users area (notably enginemanager/server/user/edit.htm) that can trick an administrator into unauthorized changes (e.g., adding an admin user). Root cause: CSRF in the admin UI flo...

6.5CVSS6.5AI score0.00851EPSS
CVE
CVE
added 2018/03/01 8:0 p.m.50 views

CVE-2018-7049

The CVE-2018-7049 entry concerns Wowza Streaming Engine prior to 4.7.1, with a cross-site scripting (XSS) vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager). The issue allows script injection or reflection via a cr...

6.1CVSS6.1AI score0.00897EPSS
CVE
CVE
added 2020/08/03 1:24 p.m.50 views

CVE-2019-19453

Affected software: Wowza Streaming Engine (pre-4.8.5). Vulnerability: Cross-site scripting (XSS) where an authenticated user with access to proxy license editing can inject a payload that is executed on the main page of server settings. Root cause / mechanism: Insufficient input validation in the...

5.4CVSS5.1AI score0.00806EPSS
CVE
CVE
added 2018/03/01 8:0 p.m.48 views

CVE-2018-7048

CVE-2018-7048 affects Wowza Streaming Engine prior to 4.7.1. The issue is a denial-of-service caused by memory consumption triggered by a crafted HTTP request, with network-based attack vector and no authentication required per the available descriptions. The NVD entry documents a base score of 5...

7.5CVSS7.3AI score0.01519EPSS
CVE
CVE
added 2026/03/15 6:34 p.m.27 views

CVE-2016-20036

CVE-2016-20036 affects Wowza Streaming Engine 4.5.0, specifically the enginemanager interface. The issue is multiple reflected cross-site scripting vulnerabilities caused by insufficient sanitization of input passed through parameters such as appName, vhost, uiAppType, and wowzaCloudDestinationTy...

6.1CVSS5.9AI score0.00236EPSS
Web
CVE
CVE
added 2026/03/15 6:34 p.m.21 views

CVE-2016-20034

CVE-2016-20034 affects Wowza Streaming Engine 4.5.0. The vulnerability allows an authenticated read-only user to elevate privileges to administrator by manipulating POST parameters on the user edit endpoint, specifically setting accessLevel to 'admin' and advUser to 'true' and 'on'. The issue is ...

8.8CVSS5.8AI score0.00209EPSS
Web
CVE
CVE
added 2026/03/15 6:34 p.m.15 views

CVE-2016-20033

Wowza Streaming Engine 4.5.0 is affected by a local privilege escalation vulnerability. Authenticated users can replace the nssm_x64.exe binary in the manager and engine service directories with a malicious executable due to improper file permissions granting full access to the Everyone group, al...

8.5CVSS6AI score0.00208EPSS
CVE
CVE
added 2026/03/15 6:34 p.m.11 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 is affected by a CSRF vulnerability via the user edit endpoint that lets an attacker craft pages to cause admin actions (e.g., creating admin accounts with arbitrary credentials). The issue arises from insufficient request validation, enabling an authenticated session...

6.9CVSS5.7AI score0.00156EPSS
Web