CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32768
https://notcve.org/view.php?id=CVE-2022-32768
22 Aug 2022 — Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's strea... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32761
https://notcve.org/view.php?id=CVE-2022-32761
22 Aug 2022 — An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad aVideoEncoderReceiveImage de WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseñada puede conllevar a una le... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.9EPSS: 2%CPEs: 1EXPL: 1CVE-2022-32572
https://notcve.org/view.php?id=CVE-2022-32572
22 Aug 2022 — An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos en la funcionalidad wget de aVideoEncoder de WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseñada puede conllevar a una ejecución de... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32282
https://notcve.org/view.php?id=CVE-2022-32282
22 Aug 2022 — An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges. Se presenta una comprobación inapropiada de la contraseña en la funcionalidad login de WWBN AVideo versiones 11.6 y dev master commit 37c0364. Un atacante que posea el hash de la contraseña de un usuario podrá utilizarlo para iniciar sesión directamente en la cu... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-287: Improper Authentication CWE-836: Use of Password Hash Instead of Password for Authentication •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 1CVE-2022-30690
https://notcve.org/view.php?id=CVE-2022-30690
22 Aug 2022 — A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de tipo cross-site scripting (xss) en la funcionalidad image403 de WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseñada pue... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30605
https://notcve.org/view.php?id=CVE-2022-30605
22 Aug 2022 — A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en la funcionalidad session id de WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseñada puede conllevar a un au... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-384: Session Fixation •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30547
https://notcve.org/view.php?id=CVE-2022-30547
22 Aug 2022 — A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de salto de directorio en la funcionalidad unzipDirectory de WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseñada puede conllevar a una ejecución de un comando arb... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 1%CPEs: 1EXPL: 0CVE-2022-30534
https://notcve.org/view.php?id=CVE-2022-30534
22 Aug 2022 — An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad aVideoEncoder chunkfile de WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseñada puede... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29468
https://notcve.org/view.php?id=CVE-2022-29468
22 Aug 2022 — A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de tipo cross-site request forgery (CSRF) en WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseñada puede conllevar a un aumento de privilegios. • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28712
https://notcve.org/view.php?id=CVE-2022-28712
22 Aug 2022 — A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de tipo cross-site scripting (xss) en la funcionalidad videoAddNew de WWBN AVideo versiones 11.6 y dev master commit 3f7c0364. Una petición HTTP especialmente diseña... • https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •