FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
337960ec-b5dc-11e8-ac58-a4badb2f4699	Plex Media Server -- Information Disclosure Vulnerability Chris reports: The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to: Access arbitrary files from the filesystem with the same permission as the user account running Plex. Initiate SMB connections to capture NetNTLM challenge/response and crack to clear-text password. Initiate SMB connections to relay NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. Discovery 2018-08-01 Entry 2018-09-11 plexmediaserver plexmediaserver-plexpass < 1.13.5.5332 https://seclists.org/fulldisclosure/2018/Aug/1 CVE-2018-13415

VuXML ID

Description

337960ec-b5dc-11e8-ac58-a4badb2f4699

Plex Media Server -- Information Disclosure Vulnerability

Chris reports:

The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:

Access arbitrary files from the filesystem with the same permission as the user account running Plex.

Initiate SMB connections to capture NetNTLM challenge/response and crack to clear-text password.

Initiate SMB connections to relay NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

Discovery 2018-08-01
Entry 2018-09-11
plexmediaserver
plexmediaserver-plexpass

< 1.13.5.5332

https://seclists.org/fulldisclosure/2018/Aug/1
CVE-2018-13415