
Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read

Posted by deepcore on March 16, 2016 – 6:06 am

The Kaltura platform contains a number of vulnerabilities that allow unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities in the application also allow authenticated users to execute code by uploading a file and to perform stored cross-site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to brute-force password reset tokens for accounts and allows low-level users to perform privilege escalation attacks.

