Universal Media Server 13.2.1 Cross Site Scripting

Exploit Title: Universal Media Server 13.2.1 Cross Site Scripting Google Dork: NA Date: 01/04/2023 Exploit Author: Yehia Elghaly - Mrvar0x Vendor Homepage: https://www.universalmediaserver.com/ Software Link: https://www.universalmediaserver.com/download/ Version: 13.2.1 Tested on: Windows 7 / 10...

Universal Media Server XXE Vulnerability

In Universal Media Server UMS, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML external entity XXE processing attack. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

CVE-2018-13416

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

Xxe

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

CVE-2018-13416

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

CVE-2018-13416

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

CVE-2018-13416

The CVE-2018-13416 issue affects Universal Media Server (UMS) 7.1.0, where the SSDP/UPnP XML parsing engine is vulnerable to XML External Entity Processing (XXE). Unauthenticated, remote attackers can (per multiple sources) read arbitrary files on the host, trigger SMB NetNTLM captures (cracking ...

Universal Media Server XML External Entity Injection Vulnerability

Universal Media Server Universal Media Server is a DLNA compatible UPnP media server. An XML external entity injection vulnerability exists in the XML parsing engine of Universal Media Server's SSDP/UPNP functionality, which can be exploited by an attacker to obtain sensitive information or execu...

Universal Media Server 7.1.0 XML Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...