CVE-2018-21031
https://notcve.org/view.php?id=CVE-2018-21031
Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product. Las versiones 2.1.38 y posteriores de Tautulli permiten a los atacantes remotos eludir el control de acceso previsto en Plex Media Server porque el X-Plex-Token se maneja mal y se puede recuperar de Tautulli. NOTA: Inicialmente, esta identificación estaba asociada con Plex Media Server 1.18.2.2029-36236cc4c como versión y producto afectado. • https://forums.plex.tv/t/security-regarding-cve-2018-21031/493286 https://twitter.com/GerardFuguet/status/1009937529573912576 https://www.elladodelmal.com/2018/08/shodan-es-de-cine-hacking-tautulli-un.html https://www.exploit-db.com/docs/47790 • CWE-522: Insufficiently Protected Credentials •
CVE-2018-13415 – Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
https://notcve.org/view.php?id=CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. En Plex Media Server 1.13.2.5154, el motor de análisis XML para la funcionalidad SSDP/UPnP es vulnerable a un ataque XXE (XML External Entity Processing). Los atacantes no autenticados remotos pueden utilizar esta vulnerabilidad para: (1) acceder a archivos arbitrarios desde el sistema de archivos con el mismo permiso que la cuenta de usuario que ejecuta Plex, (2) iniciar conexiones SMP para capturar un desafío/respuesta NetNTLM y averiguar la contraseña en texto claro o (3) iniciar las conexiones SMB para retransmitir un desafío/respuesta NetNTLM y conseguir ejecutar comandos remotamente en dominios Windows. Plex Media Server version 1.13.2.5154 suffers from an XML external entity injection vulnerability in SSDP processing. • https://www.exploit-db.com/exploits/45146 http://seclists.org/fulldisclosure/2018/Aug/1 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-8914
https://notcve.org/view.php?id=CVE-2018-8914
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. Vulnerabilidad de inyección SQL en UPnP DMA en Synology Media Server en versiones anteriores a la 1.7.6-2842 y anteriores a la 1.4-2654 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro ObjectID. • https://www.synology.com/en-global/support/security/Synology_SA_18_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-16567 – Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16567
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." Una vulnerabilidad Cross-Site Scripting (XSS) en Logitech Media Server 7.9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios a través de "favorite". Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43122 https://github.com/dewankpant/CVE-2017-16567 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16568 – Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16568
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. Una vulnerabilidad Cross-Site Scripting (XSS) en Logitech Media Server 7.9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios a través de una URL radio. Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43123 https://github.com/dewankpant/CVE-2017-16568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •