Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2019/06/19 5:15 p.m.10 views

CVE-2018-15506

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

9.8CVSS9.8AI score0.01926EPSS
Exploits0References1
NVD
NVDadded 2018/08/13 5:29 p.m.11 views

CVE-2018-13417

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8CVSS9.7AI score0.47378EPSS
Exploits5References2
NVD
NVDadded 2018/08/13 5:29 p.m.17 views

CVE-2018-13415

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8CVSS9.8AI score0.32143EPSS
Exploits5References2
OpenVAS
OpenVASadded 2018/08/07 12:0 a.m.77 views

Universal Media Server XXE Vulnerability

In Universal Media Server UMS, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML external entity XXE processing attack. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

9.8CVSS9.6AI score0.55833EPSS
Exploits5References2
NVD
NVDadded 2018/08/03 5:29 p.m.17 views

CVE-2018-13416

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8CVSS9.7AI score0.55833EPSS
Exploits5References2
Prion
Prionadded 2018/08/03 5:29 p.m.14 views

Xxe

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

7.5CVSS9.7AI score0.55833EPSS
Exploits5References2Affected Software1
exploitpack
exploitpackadded 2018/08/03 12:0 a.m.35 views

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML...

7.5CVSS0.5AI score0.47378EPSS
Exploits5
n0where
n0whereadded 2018/07/02 5:33 p.m.34 views

Spoof SSDP replies to phish for NTLM hashes: evil-ssdp

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage. By default, this...

6.8AI score
Exploits0References1
Rows per page
Query Builder