Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2014-1907
Last Modified: 07 Mar 2014 09:39:23
Published: 06 Mar 2014 10:55:28
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-1907

Summary

Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.

Vulnerable Systems

Application

  • Videowhisper Live Streaming Integration Plugin 1.0.2

  • Videowhisper Live Streaming Integration Plugin 2.0

  • Videowhisper Live Streaming Integration Plugin 2.1

  • Videowhisper Live Streaming Integration Plugin 2.2

  • Videowhisper Live Streaming Integration Plugin 4.05

  • Videowhisper Live Streaming Integration Plugin 4.07

  • Videowhisper Live Streaming Integration Plugin 4.25

  • Videowhisper Live Streaming Integration Plugin 4.25.3

  • Videowhisper Live Streaming Integration Plugin 4.27

  • Videowhisper Live Streaming Integration Plugin 4.27.3

  • Videowhisper Live Streaming Integration Plugin 4.27.4


References

MISC - https://www.htbridge.com/advisory/HTB23199

XF - videowhisper-cve20141907-dir-trav(91478)

MISC - http://packetstormsecurity.com/files/125454


Last Updated: 27 May 2016 11:04:34