Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
media server vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-19141
The Camera Upload functionality in Plex Media Server up to and including 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a...
Plex Media Server
5.3
CVSSv3
CVE-2021-34808
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server prior to 1.8.3-2881 allows remote malicious users to access intranet resources via unspecified vectors.
Synology Media Server
9.8
CVSSv3
CVE-2018-8914
SQL injection vulnerability in UPnP DMA in Synology Media Server prior to 1.7.6-2842 and prior to 1.4-2654 allows remote malicious users to execute arbitrary SQL commands via the ObjectID parameter.
Synology Media Server
NA
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and previous versions allows remote malicious users to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in ...
Firefly Media Server
1 EDB exploit
7.5
CVSSv3
CVE-2021-33959
Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.
Plex Media Server
1 Github repository
NA
CVE-2014-9181
Multiple directory traversal vulnerabilities in Plex Media Server prior to 0.9.9.3 allow remote malicious users to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to ...
Plex Media Server
1 EDB exploit
NA
CVE-2014-9304
Plex Media Server prior to 0.9.9.3 allows remote malicious users to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handl...
Plex Media Server
1 EDB exploit
7.5
CVSSv3
CVE-2024-24260
media-server v1.0.0 exists to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.
Ireader Media-server 1.0.0
7.5
CVSSv3
CVE-2024-24262
media-server v1.0.0 exists to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.
Ireader Media-server 1.0.0
5.4
CVSSv3
CVE-2017-16567
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote malicious users to inject arbitrary web script or HTML via a "favorite."
Logitech Media Server 7.9.0
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »