Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass | allinfosecnews.com

Aug. 16, 2022, 3:54 p.m. | Jon Munshaw (noreply@blogger.com)

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and authentication bypass.

AVideo is an open-source web application that allows users to build a video streaming and sharing platform. Anyone who joins the community can host videos on-demand, launch a live stream or encode different video formats.

TALOS-2022-1542 …

app authentication authentication bypass bypass command command injection injection spotlight vulnerabilities vulnerability web web app

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation? 11 hours ago | blog.talosintelligence.com

account blocked court disinformation +8

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 1 day, 17 hours ago | blog.talosintelligence.com

cisco cisco talos code confidential +20

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 2 days, 17 hours ago | blog.talosintelligence.com

attacks brute brute-force cisco +24

The internet is already scary enough without April Fool’s jokes 1 week ago | blog.talosintelligence.com

april backdoor community internet +7

Vulnerability in some TP-Link routers could lead to factory reset 1 week, 1 day ago | blog.talosintelligence.com

amd directx driver factory +10

April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution 1 week, 2 days ago | blog.talosintelligence.com

april code code execution critical +10

Starry Addax targets human rights defenders in North Africa with new malware 1 week, 2 days ago | blog.talosintelligence.com

activists actor africa cisco +18

There are plenty of ways to improve cybersecurity that don’t involve making workers return to … 2 weeks ago | blog.talosintelligence.com

actions april cybersecurity don +14

CoralRaider targets victims’ data and social media accounts 2 weeks ago | blog.talosintelligence.com

accounts actor calling cisco +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Cloud Security Engineer

@ Pacific Gas and Electric Company | Oakland, CA, US, 94612

View on infosec-jobs.com

Penetration Tester (Level 2)

@ Verve Group | Pune, Mahārāshtra, India

View on infosec-jobs.com

Senior Security Operations Engineer (Azure)

@ Jamf | US Remote

View on infosec-jobs.com

(Junior) Cyber Security Consultant IAM (m/w/d)

@ Atos | Berlin, DE, D-13353

View on infosec-jobs.com