CVE-2018-15506
BubbleUPnP 0.9 update 30 is affected by an XML External Entity Processing (XXE) vulnerability in the SSDP/UPnP XML parsing engine. Remote, unauthenticated attackers could (1) read arbitrary files with the running user’s permissions, (2) initiate SMB connections to capture NetNTLM credentials, and...
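A defensive counterpart to the XXE class named above, added here as an illustration and not taken from BubbleUPnP or the advisory: a UPnP device-description parser that refuses any DOCTYPE, so no entity can be declared or resolved. The function names and both sample documents are constructed for this example.

```python
import xml.parsers.expat as expat

class UnsafeXML(ValueError):
    """A description carried DTD constructs and was refused."""

def parse_device_description(xml_bytes):
    """Return {element: text} for leaf elements; refuse any DOCTYPE."""
    parser = expat.ParserCreate()
    # Expat's default, stated explicitly: never load parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    fields, text = {}, []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Entities can only be declared in a DTD, so refusing the DOCTYPE
        # stops external and internal entity tricks before any expansion.
        raise UnsafeXML("DOCTYPE not allowed in a UPnP description")

    def on_end(name):
        # Only leaf elements still hold text here; containers hold whitespace.
        value = "".join(text).strip()
        if value:
            fields[name] = value
        text.clear()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: text.clear()
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return fields

def is_refused(xml_bytes):
    """True when the document is rejected for carrying a DOCTYPE."""
    try:
        parse_device_description(xml_bytes)
    except UnsafeXML:
        return True
    return False

# Constructed sample inputs (not taken from the advisory).
BENIGN = b"""<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0"><device>
<friendlyName>Constructed Media Server</friendlyName>
<UDN>uuid:00000000-0000-0000-0000-000000000000</UDN>
</device></root>"""
WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY e SYSTEM "http://example.invalid/e">]>
<root><device><friendlyName>&e;</friendlyName></device></root>"""

if __name__ == "__main__":
    print(parse_device_description(BENIGN), is_refused(WITH_DTD))
```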