CVE-2022-38089 Exment stored cross-site scripting vulnerability in v5.0.2 and earlier and v3.0.0 and earlier, v4.4.2 and earlier, and v2.2.2 and earlier.
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment
CVE-2022-35733 Vulnerability in UNIMO Technology digital video recorders allows attackers to access the system without authentication.
The vulnerability can be exploited by injecting malicious PHP code via a web request to the affected device. UDR-JA1004/JA1008/JA1016 are IP camera series
CVE-2022-32282 - Exploiting the AVideo Login Flaw for Direct Account Takeover
If you run or use WWBN AVideo for hosting video content, you need to know about CVE-2022-32282. This security vulnerability, found in AVideo version 11.
CVE-2022-30534 An OS command injection vulnerability exists in the aVideoEncoder functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially crafted HTTP request can lead to arbitrary command execution.
The request should contain the following parameters:
http://<Vulnerable Server>/{aVideoEncoder}/{aVideoEncoder}/{path}?cmd={command}
An OS command injection vulnerability exists in the aVideoEncoder
CVE-2021-3639 A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly
This can be exploited when a site is configured to use the mod_auth_mellon authentication module. When a user accesses a site with a