Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
media server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-19141
The Camera Upload functionality in Plex Media Server up to and including 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a...
Plex Media Server
7.1
CVSSv2
CVE-2007-6036
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and previous versions allows remote malicious users to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
Live555 Media Server
1 EDB exploit
5
CVSSv2
CVE-2014-9181
Multiple directory traversal vulnerabilities in Plex Media Server prior to 0.9.9.3 allow remote malicious users to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to ...
Plex Media Server
1 EDB exploit
5
CVSSv2
CVE-2021-34808
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server prior to 1.8.3-2881 allows remote malicious users to access intranet resources via unspecified vectors.
Synology Media Server
NA
CVE-2021-33959
Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.
Plex Media Server
1 Github repository
6.8
CVSSv2
CVE-2020-5742
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.
Plex Media Server
7.5
CVSSv2
CVE-2021-33180
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Synology Media Server
NA
CVE-2024-24260
media-server v1.0.0 exists to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.
Ireader Media-server 1.0.0
NA
CVE-2024-24262
media-server v1.0.0 exists to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.
Ireader Media-server 1.0.0
7.5
CVSSv2
CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same perm...
Plex Media Server 1.13.2.5154
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »