70 matches found
EUVD-2017-18932
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
EUVD-2017-18934
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20219
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20220
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20218
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...
CVE-2017-20217
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...
Serviio PRO 访问控制错误漏洞
Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a vulnerability related to access control. This vulnerability stems from improper access control in the Configuration REST API, which could allow unauthenticated...
PT-2026-25738
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
Serviio PRO 访问控制错误漏洞
Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a vulnerability related to access control. This vulnerability stems from improper access control settings in the Configuration REST API, which may allow...
Serviio PRO 代码问题漏洞
Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a code vulnerability. This vulnerability stems from improper search paths and directory permissions in Windows services, which may allow local users to execute...
Serviio PRO 跨站脚本漏洞
Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a cross-site scripting vulnerability. This vulnerability stems from a DOM-based cross-site scripting vulnerability in the mediabrowser component, which may allow...
CVE-2017-20220
CVE-2017-20220 affects Serviio PRO 1.8. The vulnerability is an improper access control in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password by sending crafted requests to REST endpoints. The available documents confirm the affected product...
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2017-20219
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...
CVE-2017-20219
CVE-2017-20219 affects Serviio PRO 1.8 DLNA Media Streaming Server, specifically the mediabrowser component. The vulnerability is DOM-based XSS caused by reading input from document.location and passing it to document.write(), enabling an attacker-controlled payload to execute HTML/script in a us...
CVE-2017-20218 Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...
CVE-2017-20218
CVE-2017-20218 affects Serviio PRO 1.8 on Windows. The vulnerability is twofold: (1) an unquoted search path in the Windows service allows local attackers to run arbitrary code with elevated privileges by dropping malicious executables in the system root, and (2) overly permissive directory ACLs ...