Page 3 of 18 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. Vulnerabilidad de inyección SQL en UPnP DMA en Synology Media Server en versiones anteriores a la 1.7.6-2842 y anteriores a la 1.4-2654 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro ObjectID. • https://www.synology.com/en-global/support/security/Synology_SA_18_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. Los unmarshallers AMF en Red5 Media Server en versiones anteriores a la 1.0.8 no restringen las clases para las que realizan deserialización, lo que permite que atacantes remotos ejecuten código arbitrario mediante datos Java serializados manipulados. • http://www.openwall.com/lists/oss-security/2017/05/22/2 https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request. Se ha descubierto un desbordamiento de búfer en EvoStream Media Server 1.7.1. Una solicitud HTTP manipulada con un encabezado malicioso causara una caída. • https://www.exploit-db.com/exploits/41547 http://www.securityfocus.com/bid/96820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server. Plex Media Server anterior a 0.9.9.3 permite a atacantes remotos evadir la lista blanca del servidor web, realizar ataques de SSRF y ejecutar acciones administrativas arbitrarias a través de múltiples cabeceras X-Plex-Url manipuladas en system/proxy, lo que son procesados inconsistentemente por el manejador de solicitudes en el servidor web 'backend'. • https://www.exploit-db.com/exploits/31983 http://www.securityfocus.com/archive/1/531290 https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. Múltiples vulnerabilidades de salto de directorio en Plex Media Server anterior a 0.9.9.3 permiten a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en la URI en (1) manage/ o (2) web/ o usuarios remotos autenticados leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/31983 http://www.securityfocus.com/archive/1/531290 https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •