CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47171
https://notcve.org/view.php?id=CVE-2023-47171
10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. Existe una vulnerabilidad de divulgación de información en la funcionalidad de ruta de archivo fragmentado aVideoEncoder.json.php de WWBN AVideo 11.6 y la confirmación maestra de desarrollo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos ar... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869 • CWE-73: External Control of File Name or Path •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49864
https://notcve.org/view.php?id=CVE-2023-49864
10 Jan 2024 — An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_image` parameter. Existe una vulnerabilidad de divulgación de información en la funcionalidad de carga de imágenes aVideoEncoderReceiveImage.json.php de la confirmación maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HT... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47861
https://notcve.org/view.php?id=CVE-2023-47861
10 Jan 2024 — A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad user name channelBody.php de WWBN AVideo 11.6 y la confirmación maestra de desarrollo 15fed957fb. Una solicitud HTTP especialmente ... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •