EUVD-2018-7383

Malware in sbrugna...

CVE-2018-15506

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

CVE-2018-15506

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

Xxe

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

CVE-2018-15506

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

CVE-2018-15506

BubbleUPnP 0.9 update 30 is affected by an XML External Entity Processing (XXE) vulnerability in the SSDP/UPnP XML parsing engine. Remote, unauthenticated attackers could (1) read arbitrary files with the running user’s permissions, (2) initiate SMB connections to capture NetNTLM credentials, and...

BubbleUPnP for DLNA/Chromecast - BSD license, Base64 encoded String, Customized SSL vulnerabilities

HackApp vulnerability scanner discovered that application BubbleUPnP for DLNA/Chromecast published at the 'play' market has multiple vulnerabilities...