47 matches found
EUVD-2017-18932
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
EUVD-2017-18934
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20219
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20220
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
Serviio PRO 跨站脚本漏洞
Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a cross-site scripting vulnerability. This vulnerability stems from a DOM-based cross-site scripting vulnerability in the mediabrowser component, which may allow...
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20220
CVE-2017-20220 affects Serviio PRO 1.8. The vulnerability is an improper access control in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password by sending crafted requests to REST endpoints. The available documents confirm the affected product...
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20220
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20219
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20219
CVE-2017-20219 affects Serviio PRO 1.8 DLNA Media Streaming Server, specifically the mediabrowser component. The vulnerability is DOM-based XSS caused by reading input from document.location and passing it to document.write(), enabling an attacker-controlled payload to execute HTML/script in a us...
CVE-2025-48580
In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48580
In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2025-201772
In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48580
Technical details about CVE-2025-48580 are not publicly provided in the supplied documents. Monitor for updates from Android bulletin and vendor advisories for complete root-cause, affected products, and fixes.
PT-2025-43470
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems due to insufficient protection of system data. Remote attackers may be able to escalate privileges by exploiting this...
EUVD-2022-2661
Malicious code in bioql PyPI...
Unspecified Vulnerability in Emby MediaBrowser (CNVD-2025-19601)
Emby MediaBrowser is a media server software from Emby. Emby MediaBrowser contains a security vulnerability that can be exploited by attackers to obtain sensitive information...