Page 4 of 23 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1

DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. Existe Cross-Site Scripting (XSS) basado en DOM en Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0 y 7.9.1 mediante una URI manipulada. • https://www.exploit-db.com/exploits/43024 https://fireshellsecurity.team/assets/pdf/DOM-Based-Cross-Site-Scripting-_XSS_-Logitech-Media-Server.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. Los unmarshallers AMF en Red5 Media Server en versiones anteriores a la 1.0.8 no restringen las clases para las que realizan deserialización, lo que permite que atacantes remotos ejecuten código arbitrario mediante datos Java serializados manipulados. • http://www.openwall.com/lists/oss-security/2017/05/22/2 https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request. Se ha descubierto un desbordamiento de búfer en EvoStream Media Server 1.7.1. Una solicitud HTTP manipulada con un encabezado malicioso causara una caída. • https://www.exploit-db.com/exploits/41547 http://www.securityfocus.com/bid/96820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server. Plex Media Server anterior a 0.9.9.3 permite a atacantes remotos evadir la lista blanca del servidor web, realizar ataques de SSRF y ejecutar acciones administrativas arbitrarias a través de múltiples cabeceras X-Plex-Url manipuladas en system/proxy, lo que son procesados inconsistentemente por el manejador de solicitudes en el servidor web 'backend'. • https://www.exploit-db.com/exploits/31983 http://www.securityfocus.com/archive/1/531290 https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. Múltiples vulnerabilidades de salto de directorio en Plex Media Server anterior a 0.9.9.3 permiten a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en la URI en (1) manage/ o (2) web/ o usuarios remotos autenticados leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/31983 http://www.securityfocus.com/archive/1/531290 https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •