CVE-2022-2956 A vulnerability has been found in ConsoleTVs Noxen, affecting an unknown function of the file /Noxen-master/users.php.
The nginx web server is a software package that serves web pages. It was developed as a replacement for the previously used Apache HTTP Server.
CVE-2022-30534 An OS command injection vulnerability exists in the WWBN AVideo 11.6 and dev master commit 3f7c0364 functionality of aVideoEncoder. A specially crafted HTTP request can lead to arbitrary command execution.
The request should contain the following parameters:
http://<Vulnerable Server>/{aVideoEncoder}/{aVideoEncoder}/{path}?cmd={command}
An OS command injection vulnerability exists in the aVideoEncoder
CVE-2022-30547 The unzipDirectory function of WWBN AVideo 11.6 and dev master commit 3f7c0364 has a directory traversal vulnerability. A specially-crafted HTTP request can lead to arbitrary command execution.
When the software receives the HTTP request, it follows the directory structure of the remote server to retrieve the requested file. The unzipDirectory function parses
CVE-2021-3639 A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly.
This can be exploited when a site is configured to use the mod_auth_mellon authentication module. When a user accesses a site with a
CVE-2022-34916 Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution attack when a configuration uses a JMS Source with a JNDI LDAP data source URI. An attacker has control of the target LDAP server.
Update configurations to use the java protocol or no protocol for JNDI data source URIs, or remove the JMS Source option. Note that you might