Lucene search
MitreCVELIST:CVE-2018-13416HistoryAug 03, 2018 - 5:00 p.m.
CVE-2018-13416
2018-08-0317:00:00
mitre
www.cve.org
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
Related
packetstorm
packetstorm
Universal Media Server 7.1.0 XML Injection
2018-08-01 00:00:00
cve
cve
CVE-2018-13416
2018-08-03 17:29:00
zdt
zdt
exploitpack
exploitpack
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
2018-08-02 00:00:00
nvd
nvd
CVE-2018-13416
2018-08-03 17:29:00
prion
prion
Xxe
2018-08-03 17:29:00
openvas
openvas
Universal Media Server XXE Vulnerability
2018-08-07 00:00:00
exploitdb
exploitdb
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
2018-08-02 00:00:00