CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869 • CWE-73: External Control of File Name or Path

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_image` parameter. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Jan 2024 — An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881 • CWE-73: External Control of File Name or Path

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2024 — A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

10 Jan 2024 — A cross-site scripting (XSS) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Jan 2024 — An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2024 — A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886 • CWE-73: External Control of File Name or Path

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Jan 2024 — An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Jan 2024 — A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Jan 2024 — A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898 • CWE-307: Improper Restriction of Excessive Authentication Attempts