Download
| Alert*
oval:org.secpod.oval:def:603615
coturn is installed oval:org.secpod.oval:def:53498 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily filte ... oval:org.secpod.oval:def:603614 Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily filte ... oval:org.secpod.oval:def:1901912 An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator we ... oval:org.secpod.oval:def:70337 coturn: TURN and STUN server for VoIP coTURN could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:69849 A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses . A remote attacker can bypass the protection via a specially crafted request using a peer address of "0.0.0.0" and trick coturn in relaying to the loopback interface. I ... |