Skip to main content

Media Server CVE-2014-9181

MEDIUM
Path Traversal (CWE-22)
2014-12-02 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 02, 2014 - 16:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.

AnalysisAI

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. Affected products include: Plex Media Server. Version information: before 0.9.9.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2017-6427 HIGH POC
7.5 Mar 10

A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2020-5741 HIGH POC
7.2 May 08

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arb

CVE-2018-13415 CRITICAL POC
9.8 Aug 13

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External En

CVE-2020-5742 HIGH POC
8.8 Jun 15

Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin applicatio

CVE-2025-69414 HIGH POC
8.5 Jan 02

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call wit

CVE-2014-9304 HIGH POC
7.5 Dec 07

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and e

CVE-2020-5740 HIGH POC
7.8 Apr 22

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary

CVE-2024-24262 HIGH POC
7.5 Feb 05

media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function a

CVE-2024-24260 HIGH POC
7.5 Feb 05

media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function

CVE-2025-69415 HIGH POC
7.1 Jan 02

In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly a

CVE-2021-42835 HIGH POC
7.0 Dec 08

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. Rated high severity (CVSS 7.0). Public explo

CVE-2017-5878 CRITICAL
9.8 Jun 08

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserializatio

Share

CVE-2014-9181 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy