CVE-2024-31819 – AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-31819
10 Apr 2024 — An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. • https://packetstorm.news/files/id/178659 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-47171
https://notcve.org/view.php?id=CVE-2023-47171
10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869 • CWE-73: External Control of File Name or Path
CVE-2023-49864
https://notcve.org/view.php?id=CVE-2023-49864
10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_image` parameter. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-49863
https://notcve.org/view.php?id=CVE-2023-49863
10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_webpimage` parameter. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-49862
https://notcve.org/view.php?id=CVE-2023-49862
10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_gifimage` parameter. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-49738
https://notcve.org/view.php?id=CVE-2023-49738
10 Jan 2024 — An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881 • CWE-73: External Control of File Name or Path
CVE-2023-48730
https://notcve.org/view.php?id=CVE-2023-48730
10 Jan 2024 — A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48728
https://notcve.org/view.php?id=CVE-2023-48728
10 Jan 2024 — A cross-site scripting (XSS) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47861
https://notcve.org/view.php?id=CVE-2023-47861
10 Jan 2024 — A cross-site scripting (XSS) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49715
https://notcve.org/view.php?id=CVE-2023-49715
10 Jan 2024 — An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 • CWE-434: Unrestricted Upload of File with Dangerous Type