Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Turbomeeting Security Vulnerabilities

cve
cve

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.

9.8CVSS

7.5AI Score

0.001EPSS

2024-07-25 08:15 PM
28
cve
cve

CVE-2024-38288

A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.

7.2CVSS

7.8AI Score

0.005EPSS

2024-07-25 08:15 PM
29
cve
cve

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.

9.8CVSS

8.4AI Score

0.009EPSS

2024-07-25 08:15 PM
32