Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown
CVE-2021-27857
Disclosure Date: September 27, 2021 (last updated February 23, 2025)
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
0
Attacker Value
Unknown
CVE-2021-30145
Disclosure Date: May 18, 2021 (last updated February 22, 2025)
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
0
Attacker Value
Unknown
CVE-2020-7632
Disclosure Date: April 06, 2020 (last updated February 21, 2025)
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
0
Attacker Value
Unknown
CVE-2018-6360
Disclosure Date: January 28, 2018 (last updated November 26, 2024)
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.
0