VYPR
Vendor

Firefly

Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
  • CVE-2018-13415CriAug 13, 2018
    risk 0.69cvss 9.8epss 0.32

    In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same…

  • CVE-2007-2456May 2, 2007
    risk 0.04cvss epss 0.09

    Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.

  • CVE-2007-5824Nov 5, 2007
    risk 0.03cvss epss 0.06

    webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the…

  • CVE-2022-22683Jul 28, 2022
    risk 0.00cvss epss 0.01

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2021-33180Jun 1, 2021
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2007-5825Nov 5, 2007
    risk 0.00cvss epss 0.04

    Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password…

  • CVE-2007-2460May 2, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are…