Textream
Monthly
Textream versions prior to 1.5.1 lack connection limits on the DirectorServer WebSocket, allowing remote attackers to trigger denial of service by flooding the server with requests that trigger periodic state broadcasts, exhausting system resources and crashing the application during live sessions. Public exploit code exists for this vulnerability. The issue is resolved in version 1.5.1 and later.
Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websites to establish unauthorized connections to the local DirectorServer and inject arbitrary commands. An attacker can exploit this from a browser to gain full remote control of teleprompter content without user interaction beyond visiting a compromised page. Public exploit code exists for this vulnerability; updating to version 1.5.1 or later resolves the issue.
Textream versions prior to 1.5.1 lack connection limits on the DirectorServer WebSocket, allowing remote attackers to trigger denial of service by flooding the server with requests that trigger periodic state broadcasts, exhausting system resources and crashing the application during live sessions. Public exploit code exists for this vulnerability. The issue is resolved in version 1.5.1 and later.
Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websites to establish unauthorized connections to the local DirectorServer and inject arbitrary commands. An attacker can exploit this from a browser to gain full remote control of teleprompter content without user interaction beyond visiting a compromised page. Public exploit code exists for this vulnerability; updating to version 1.5.1 or later resolves the issue.