VYPR

Media Server

by Firefly

CVEs (5)

  • CVE-2018-13415CriAug 13, 2018
    risk 0.69cvss 9.8epss 0.32

    In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same…

  • CVE-2007-5824Nov 5, 2007
    risk 0.03cvss epss 0.06

    webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the…

  • CVE-2022-22683Jul 28, 2022
    risk 0.00cvss epss 0.01

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2021-33180Jun 1, 2021
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2007-5825Nov 5, 2007
    risk 0.00cvss epss 0.04

    Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password…

VYPR — Vulnerability Intelligence