CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

• https://www.exploit-db.com/exploits/36086
• http://osvdb.org/show/osvdb/118508
• http://osvdb.org/show/osvdb/118509
• http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html
• http://www.exploit-db.com/exploits/36086
• http://www.wonderplugin.com/wordpress-audio-player
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 10 | EXPL: 1

Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter. WordPress Audio Player versions prior to 2.0.4.6 suffer from a cross-site scripting vulnerability in player.swf.

• https://www.exploit-db.com/exploits/38300
• http://insight-labs.org/?p=738
• http://packetstormsecurity.com/files/120129/WordPress-Audio-Player-SWF-Cross-Site-Scripting.html
• http://secunia.com/advisories/52083
• http://secunia.com/advisories/58854
• http://wordpress.org/extend/plugins/audio-player/changelog
• http://www.securityfocus.com/bid/57848
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 | EPSS: 18% | CPEs: 1 | EXPL: 4

Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.

• https://www.exploit-db.com/exploits/8580
• http://osvdb.org/54170
• http://secunia.com/advisories/34957
• http://www.exploit-db.com/exploits/8580
• http://www.exploit-db.com/exploits/8582
• http://www.securityfocus.com/bid/34788
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50288
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 13% | CPEs: 1 | EXPL: 5

Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.

• https://www.exploit-db.com/exploits/8578
• https://www.exploit-db.com/exploits/8583
• http://secunia.com/advisories/34957
• http://www.exploit-db.com/exploits/8578
• http://www.exploit-db.com/exploits/8583
• http://www.securityfocus.com/bid/34788
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50288
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer