Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wowza streaming engine vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2021-31540
Wowza Streaming Engine up to and including 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configurat...
Wowza Streaming Engine
7.5
CVSSv3
CVE-2019-19454
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
Wowza Streaming Engine
6.1
CVSSv3
CVE-2019-19456
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
Wowza Streaming Engine
7.8
CVSSv3
CVE-2019-19455
Wowza Streaming Engine prior to 4.8.5 has Insecure Permissions which may allow a local malicious user to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as ...
Wowza Streaming Engine
9.8
CVSSv3
CVE-2018-7047
An issue exists in the MBeans Server in Wowza Streaming Engine prior to 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
Wowza Streaming Engine
7.5
CVSSv3
CVE-2018-7048
An issue exists in Wowza Streaming Engine prior to 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.
Wowza Streaming Engine
5.5
CVSSv3
CVE-2021-31539
Wowza Streaming Engine prior to 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
Wowza Streaming Engine
6.1
CVSSv3
CVE-2018-7049
An issue exists in Wowza Streaming Engine prior to 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
Wowza Streaming Engine
8.8
CVSSv3
CVE-2020-9004
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and previous versions allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port i...
Wowza Streaming Engine
8.1
CVSSv3
CVE-2021-35491
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine up to and including 4.8.11+5 allows a remote malicious user to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for t...
Wowza Streaming Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »