CVE-2019-19141
- EPSS 1.95%
- Veröffentlicht 19.12.2019 23:15:16
- Zuletzt bearbeitet 21.11.2024 04:34:15
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of meth...
CVE-2018-21031
- EPSS 0.18%
- Veröffentlicht 18.11.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:02:44
Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Serve...
CVE-2018-13415
- EPSS 32.31%
- Veröffentlicht 13.08.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:47:03
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the...
CVE-2014-9304
- EPSS 3.39%
- Veröffentlicht 07.12.2014 21:59:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processe...
- EPSS 15.3%
- Veröffentlicht 02.12.2014 16:59:18
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (d...