Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
streaming engine vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-7654
Wowza Streaming Engine 4.8.0 and previous versions suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server-&g...
Wowza Streaming Engine
5.4
CVSSv3
CVE-2019-7655
Wowza Streaming Engine 4.8.0 and previous versions from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security...
Wowza Streaming Engine
7.8
CVSSv3
CVE-2019-7656
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and previous versions allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a pay...
Wowza Streaming Engine
8.8
CVSSv3
CVE-2020-9004
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and previous versions allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port i...
Wowza Streaming Engine
5.4
CVSSv3
CVE-2019-19453
Wowza Streaming Engine prior to 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8...
Wowza Streaming Engine
7.5
CVSSv3
CVE-2019-19454
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
Wowza Streaming Engine
7.8
CVSSv3
CVE-2019-19455
Wowza Streaming Engine prior to 4.8.5 has Insecure Permissions which may allow a local malicious user to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as ...
Wowza Streaming Engine
6.1
CVSSv3
CVE-2019-19456
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
Wowza Streaming Engine
5.3
CVSSv3
CVE-2017-16922
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine prior to 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
Wowza Streaming Engine
8.1
CVSSv3
CVE-2021-35491
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine up to and including 4.8.11+5 allows a remote malicious user to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for t...
Wowza Streaming Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »