CVE-2020-5742
https://notcve.org/view.php?id=CVE-2020-5742
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. • https://www.tenable.com/security/research/tra-2020-35
CVE-2017-16567 – Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16567
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." Logitech Media Server version 7.9.0 suffers from multiple cross-site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43122 https://github.com/dewankpant/CVE-2017-16567 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16568 – Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16568
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. Logitech Media Server version 7.9.0 suffers from multiple cross-site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43123 https://github.com/dewankpant/CVE-2017-16568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15687 – Logitech Media Server - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15687
DOM-based cross-site scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. • https://www.exploit-db.com/exploits/43024 https://fireshellsecurity.team/assets/pdf/DOM-Based-Cross-Site-Scripting-_XSS_-Logitech-Media-Server.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6036 – LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-6036
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. • https://www.exploit-db.com/exploits/30776 http://aluigi.altervista.org/adv/live555x-adv.txt http://secunia.com/advisories/27711 http://secunia.com/advisories/29356 http://security.gentoo.org/glsa/glsa-200803-22.xml http://www.live555.com/liveMedia/public/changelog.txt http://www.securityfocus.com/archive/1/483910/100/0/threaded http://www.securityfocus.com/bid/26488 http://www.vupen.com/english/advisories/2007/3939 https://exchange.xforce.ibmcloud.com/vulnerabilities/38542 • CWE-20: Improper Input Validation