215 matches found
CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...
CVE-2018-13415
CVE-2018-13415 affects Plex Media Server 1.13.2.5154, specifically the XML parsing engine used for SSDP/UPnP. The vulnerability is an XML External Entity Processing (XXE) flaw that allows unauthenticated attackers on the same network to: (1) read arbitrary files on the host filesystem, (2) establ...
CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...
Plex Media Server's SSDP XML External Entity Injection Vulnerability
Plex Media Server is a multimedia entertainment player that supports multiple platforms. Plex Media Server's SSDP is vulnerable to an XML External Entity Injection vulnerability, which can be exploited by an unauthenticated attacker on the same LAN to access arbitrary files from the filesystem wi...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Vulnerability
Exploit for jsp platform in category web applications Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External...
Plex Media Server 1.13.2.5154 SSDP Processing XML Injection
Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use...
Plex Media Server -- Information Disclosure Vulnerability
Chris reports: The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use this vulnerability to: Access arbitrary files from the filesystem with the same permission as the...
SickRage Credential Disclosure
Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Date: 2018-04-01 Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version: v2018.03.09-1 CVE : CVE-2018-9160 Category: webapps 1. Background...
SickRage v2018.03.09 - Clear-Text Credentials HTTP Response
SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Date: 2018-04-01 Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version:...
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Date: 2018-04-01 Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version: v2018.03.09-1 CVE : CVE-2018-9160 Category: webapps 1. Background...
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response Exploit
Exploit for linux platform in category web applications Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version: v2018.03.09-1 CVE :...
Plex Application Detection via TLS
Binary data 9106.prm...
Plex Media Server Detection (HTTP)
HTTP based detection of Plex Media Server. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.805225...
CVE-2014-9304
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...
Server side request forgery (ssrf)
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...
CVE-2014-9304
Plex Media Server prior to 0.9.9.3 is affected. The issue allows remote attackers to bypass the web server whitelist, perform SSRF via multiple crafted X-Plex-Url headers to system/proxy, and take arbitrary administrative actions due to inconsistent processing in the backend request handler. Impa...
CVE-2014-9304
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...
CVE-2014-9181
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. dot dot in the URI to 1 manage/ or 2 web/ or remote authenticated users to read arbitrary files via a .. dot dot in the URI to resources/...