Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
media server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-34808
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server prior to 1.8.3-2881 allows remote malicious users to access intranet resources via unspecified vectors.
Synology Media Server
7.5
CVSSv2
CVE-2018-8914
SQL injection vulnerability in UPnP DMA in Synology Media Server prior to 1.7.6-2842 and prior to 1.4-2654 allows remote malicious users to execute arbitrary SQL commands via the ObjectID parameter.
Synology Media Server
5
CVSSv2
CVE-2014-9181
Multiple directory traversal vulnerabilities in Plex Media Server prior to 0.9.9.3 allow remote malicious users to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to ...
Plex Media Server
1 EDB exploit
7.5
CVSSv2
CVE-2014-9304
Plex Media Server prior to 0.9.9.3 allows remote malicious users to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handl...
Plex Media Server
1 EDB exploit
7.1
CVSSv2
CVE-2007-6036
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and previous versions allows remote malicious users to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
Live555 Media Server
1 EDB exploit
6.8
CVSSv2
CVE-2020-5742
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.
Plex Media Server
7.1
CVSSv2
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and previous versions allows remote malicious users to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in ...
Firefly Media Server
1 EDB exploit
NA
CVE-2024-24260
media-server v1.0.0 exists to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.
Ireader Media-server 1.0.0
NA
CVE-2024-24262
media-server v1.0.0 exists to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.
Ireader Media-server 1.0.0
5
CVSSv2
CVE-2017-6427
A Buffer Overflow exists in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request.
Evostream Media Server 1.7.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »