Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dream-multimedia-tv | dreambox_dm800_hd_se_firmware | 1.5 |
| dream-multimedia-tv | dreambox_dm800_hd_se | - |
| dream-multimedia-tv | dreambox_dm800_hd_pvr_firmware | 1.6 |
| dream-multimedia-tv | dreambox_dm800_hd_pvr_firmware | 1.5 |
| dream-multimedia-tv | dreambox_dm800_hd_pvr | - |
| dream-multimedia-tv | dreambox_dm800_hd_se_firmware | * |
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dream-multimedia-tv | enigma2_webinterface | 1.5 |
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dream-multimedia-tv | enigma2_webinterface | 1.6.1 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.5 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.8 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.2 |
| dream-multimedia-tv | enigma2_webinterface | 1.7.0 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.6 |
| dream-multimedia-tv | enigma2_webinterface | 1.6 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.3 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.4 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.0 |
| dream-multimedia-tv | enigma2_webinterface | 1.6.7 |
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dream-multimedia-tv | dreambox_dm500-s_firmware | * |