Wowza Vulnerabilities

An attacker can inject harmful scripts into the Wowza Streaming Engine's management interface, allowing them to execute malicious code in a user's browser session. This vulnerability requires the attacker to manipulate specific input parameters, potentially tricking users into clicking on a link or visiting a page that exploits the flaw.

This vulnerability allows attackers to create new admin accounts with any credentials by tricking logged-in administrators into visiting a malicious website. The attacker needs the administrator to be logged in to the Wowza Streaming Engine while visiting the malicious site, which then submits unauthorized requests on their behalf.

This vulnerability allows an attacker with a read-only user account to gain full administrative access to the Wowza Streaming Engine by tricking the system into thinking they have higher privileges. The attacker simply needs to send a specially crafted request to the server, changing certain parameters to elevate their access level.

This vulnerability allows an attacker with access to the Wowza Streaming Engine to replace important executable files with malicious ones, giving them the ability to run code with full system privileges when the services restart. The attacker can exploit this due to overly permissive file settings that let anyone modify these files.