4 results (0.005 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en VideoWhisper.Com VideoWhisper Live Streaming Integration permite la inyección de comandos del sistema operativo. Este problema afecta la integración de transmisión en vivo de VideoWhisper: desde n/a hasta 5.5.15. The Live Streaming - Broadcast Live Video Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 5.5.15. This allows unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 2

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. Vulnerabilidad de XSS en ls/vv_login.php en el plugin VideoWhisper Live Streaming Integration 4.27.2 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro room_name. • http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss http://www.securityfocus.com/bid/68321 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833654%40videowhisper-live-streaming-integration&old=833649%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. Vulnerabilidad en la carga de un archivo sin restricciones en ls/vw_snapshots.php en el plugin VideoWhisper Live Streaming Integration anterior a 4.29.5 de WordPress permite a atacantes remotos ejecutar código PHP arbitrario subiendo un archivo con doble extenisón, y después accediendo al archivo a través de una petición directa a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, como lo demuestra el nombre de archivo .php.jpg VideoWhisper Live Streaming Integration version 4.27.3 suffers from cross site scripting, remote shell upload, information exposure, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/31986 https://www.htbridge.com/advisory/HTB23199 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. La característica de manejo de error en (1) bp.php, (2) videowhisper_streaming.php, y (3) ls/rtmp.inc.php en el plugin VideoWhisper Live Streaming Integration anterior a 4.29.5 de WordPress permite a atacantes remotos obtener información sensible a través de una petición directa, la cual revela la ruta completa en un mensaje de error. VideoWhisper Live Streaming Integration version 4.27.3 suffers from cross site scripting, remote shell upload, information exposure, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/31986 https://www.htbridge.com/advisory/HTB23199 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •