Wowza Media Systems Llc Wowza Streaming Engine vulnerabilities
4 known vulnerabilities affecting wowza_media_systems_llc/wowza_streaming_engine.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2016-20034P3HIGHCVSS 8.0v4.5.02026-03-16
CVE-2016-20034 [HIGH] CWE-352 CVE-2016-20034: Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative acce
nvd
CVE-2016-20033P3HIGHCVSS 7.8v4.5.02026-03-16
CVE-2016-20033 [HIGH] CWE-639 CVE-2016-20033: Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authent
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious exe
nvd
CVE-2016-20036P4MEDIUMCVSS 6.1v4.5.02026-03-16
CVE-2016-20036 [MEDIUM] CWE-79 CVE-2016-20036: Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType
nvd
CVE-2016-20035P4MEDIUMCVSS 4.3v4.5.02026-03-16
CVE-2016-20035 [MEDIUM] CWE-352 CVE-2016-20035: Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attacke
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credenti
nvd