215 matches found
CVE-2019-19141
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as on a default Ubuntu installation...
CVE-2019-19141
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as on a default Ubuntu installation...
Directory traversal
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as on a default Ubuntu installation...
CVE-2019-19141
The Plex Media Server CVE-2019-19141 vulnerability affects the Camera Upload feature through version 1.18.2.2029. It permits remote authenticated users to write files anywhere the Plex process user has permissions, enabling remote code execution. The described attack path includes directory trave...
CVE-2019-19141
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as on a default Ubuntu installation...
Plex Media Server Path Traversal Vulnerability
Plex Media Server is a media player and media server software. A path traversal vulnerability in the Camera Upload feature in Plex Media Server 1.18.2.2029 and prior versions, which arises from a failure of a networked system or product to properly filter for specific elements in the path of a...
Plex Media Server Authentication Bypass Vulnerability (Aug 2018) - Active Check
Plex Media Server is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-21031
Tautulli versions 2.1.38 and below allow remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product...
CVE-2018-21031
Tautulli versions 2.1.38 and below allow remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product...
Information disclosure
Tautulli versions 2.1.38 and below allow remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product...
CVE-2018-21031
CVE-2018-21031 affects Tautulli versions up to 2.1.38. The flaw arises from mishandling the X-Plex-Token, which can be retrieved from Tautulli and used to bypass access controls on Plex Media Server. The description indicates the affected product is Tautulli (not Plex Media Server itself), and it...
CVE-2018-21031
Tautulli versions 2.1.38 and below allow remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product...
Tautulli 2.1.26 Cross Site Scripting
Tautulli (https://tautulli.com/) is a Python-based monitoring and tracking tool for Plex Media Server. We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and Tautulli would fail to sanitize the username so that when the Plex Media Serve...
PYSEC-2019-255
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page...
PYSEC-2019-255
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page...
CVE-2019-8939
Tautulli 2.1.26 is affected by a reflected XSS in data/interfaces/default/history.html when a crafted Plex username is mishandled during History page construction. The vulnerability could allow JavaScript execution in the context of the Plex server administrator if a user’s username contains inje...
CVE-2019-8939
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page...
FreeBSD : Plex Media Server -- Information Disclosure Vulnerability (337960ec-b5dc-11e8-ac58-a4badb2f4699)
Chris reports: The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to: - Access arbitrary files from the filesystem with the same permission as...
CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user...
CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user...