Summary
Detail | |||
---|---|---|---|
Vendor | Videowhisper | First view | 2014-07-01 |
Product | Videowhisper Live Streaming Integration | Last view | 2018-03-19 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.1 | 2018-03-19 | CVE-2014-2297 | Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. |
5 | 2014-12-29 | CVE-2014-1908 | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. |
10 | 2014-12-29 | CVE-2014-1905 | Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. |
4.3 | 2014-07-01 | CVE-2014-4569 | Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
25% (1) | CWE-200 | Information Exposure |
25% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
ExploitDB Exploits
id | Description |
---|---|
31986 | Wordpress VideoWhisper 4.27.3 - Multiple Vulnerabilities |
Snort® IPS/IDS
Date | Description |
---|---|
2018-06-05 | Wordpress VideoWhisper Live Streaming Integration plugin double extension fil... RuleID : 46483 - Type : SERVER-WEBAPP - Revision : 2 |