Filtered by vendor Planetestream
Subscriptions
Filtered by product Planet Estream
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45896 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 9.8 Critical |
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution. | ||||
CVE-2022-45895 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 6.5 Medium |
Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure). | ||||
CVE-2022-45894 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 6.5 Medium |
GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. | ||||
CVE-2022-45893 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 8.8 High |
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access. | ||||
CVE-2022-45892 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 5.4 Medium |
In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username. | ||||
CVE-2022-45891 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 9.1 Critical |
Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList). | ||||
CVE-2022-45890 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 6.1 Medium |
In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). | ||||
CVE-2022-45889 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 7.2 High |
Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter). |
Page 1 of 1.