41 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-29462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp libupnp appears to be...
Important: Red Hat Security Advisory: gupnp security update
An update for gupnp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2021:1789 Moderate: gssdp and gupnp security update
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The...
Moderate: gssdp and gupnp security update
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The...
CVE-2021-29462
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp libupnp appears to be vulnerable to DNS rebinding attacks because it does not check the value of the Host header. This can be mitigated by using DNS revolvers which...
CVE-2021-29462
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp libupnp appears to be vulnerable to DNS rebinding attacks because it does not check the value of the Host header. This can be mitigated by using DNS revolvers which...
CVE-2021-29462
The CVE-2021-29462 vulnerability affects the Portable SDK for UPnP Devices (libupnp). The server component fails to validate the Host header, enabling DNS rebinding attacks. Public advisories consistently state the issue is fixed in version 1.14.6 and later. Related OpenVAS/Mageia/Arch Linux entr...
PT-2021-18232 · Unknown +1 · Portable Sdk For Upnp Devices +1
Name of the Vulnerable Software and Affected Versions: Portable SDK for UPnP Devices versions prior to 1.14.6 Description: The server part of pupnp libupnp is susceptible to DNS rebinding attacks due to its failure to check the value of the Host header. This issue can be mitigated by utilizing DN...
[SECURITY] Fedora 31 Update: gupnp-1.0.5-1.fc31
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible...
[SECURITY] Fedora 32 Update: gupnp-1.0.5-1.fc32
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible...
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...
VulnCheck KEV: CVE-2012-5959
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN aka uuid field...
Portable SDK for UPnP Devices (libupnp) HTTP Arbitrary File Write
The Portable SDK for UPnP Devices libupnp running on the remote host is affected by a flaw that is triggered when handling HTTP POST or GET requests. An unauthenticated, remote attacker can exploit this to write arbitrary files to the web server file system. C Tenable Network Security, Inc...
Portable UPnP SDK unique_service_name() Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Portable UPnP SDK uniqueservicename...
Portable SDK for UPnP Devices (libupnp) < 1.6.18 Multiple Stack-based Buffer Overflows RCE
According to its banner, the version of Portable SDK for UPnP Devices libupnp running on the remote host is prior to 1.6.18. It is, therefore, affected by multiple remote code execution vulnerabilities : - A stack-based buffer overflow condition exists in the uniqueservicename function within fil...
CVE-2012-5958
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string th...
CVE-2012-5961
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers to execute arbitrary code via a long UDN aka device field in a UDP packet...
CVE-2012-5963
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers to execute arbitrary code via a long UDN aka uuid field within a string tha...
CVE-2012-5964
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType aka urn service field in a...