Vulnerabilities > Plays TV

DATE CVE VULNERABILITY TITLE RISK
2018-04-13 CVE-2018-6547 Improper Authentication vulnerability in Plays.Tv
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used.
network
low complexity
plays-tv CWE-287
critical
9.4
2018-04-13 CVE-2018-6546 Improper Authentication vulnerability in Plays.Tv
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message.
network
low complexity
plays-tv CWE-287
critical
10.0