What Paul said.
Really check the 3rd party plugin. I know that some install my
ImageViewer top basically expose all your file system through LMS,
giving "visitors" access to all your photos etc. Check all installed 3rd
party plugins and make sure you really enabled them. Ask here if in doubt.
A plugin installed by an attacker could do anything the user running LMS
is allowed to do. That's why LMS refuses to be run as root by default.
--
Michael
Really check the 3rd party plugin. I know that some install my
ImageViewer top basically expose all your file system through LMS,
giving "visitors" access to all your photos etc. Check all installed 3rd
party plugins and make sure you really enabled them. Ask here if in doubt.
A plugin installed by an attacker could do anything the user running LMS
is allowed to do. That's why LMS refuses to be run as root by default.
--
Michael