Page 3 of 13 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. Vulnerabilidad de inyección SQL en UPnP DMA en Synology Media Server en versiones anteriores a la 1.7.6-2842 y anteriores a la 1.4-2654 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro ObjectID. • https://www.synology.com/en-global/support/security/Synology_SA_18_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request. Se ha descubierto un desbordamiento de búfer en EvoStream Media Server 1.7.1. Una solicitud HTTP manipulada con un encabezado malicioso causara una caída. • https://www.exploit-db.com/exploits/41547 http://www.securityfocus.com/bid/96820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 6%CPEs: 1EXPL: 2

The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. La función parseRTSPRequestString en LIVE555 Media Server 2007.11.01 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de una consulta pequeña RTSP, lo cual deriba en un número negativo para ser usado a lo largo de localización de memoria. • https://www.exploit-db.com/exploits/30776 http://aluigi.altervista.org/adv/live555x-adv.txt http://secunia.com/advisories/27711 http://secunia.com/advisories/29356 http://security.gentoo.org/glsa/glsa-200803-22.xml http://www.live555.com/liveMedia/public/changelog.txt http://www.securityfocus.com/archive/1/483910/100/0/threaded http://www.securityfocus.com/bid/26488 http://www.vupen.com/english/advisories/2007/3939 https://exchange.xforce.ibmcloud.com/vulnerabilities/38542 • CWE-20: Improper Input Validation •