CVSS: 5.0EPSS: 21%CPEs: 5EXPL: 3CVE-2006-2802 – gxine 0.5.6 - HTTP Plugin Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-2802
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. Desbordamiento de búfer en el HTTP Plugin (xineplug_inp_http.so) para xine-lib 1.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una respuesta larga de un servidor HTTP, según lo demostrado usando gxine 0.5.6. • https://www.exploit-db.com/exploits/1852 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html http://secunia.com/advisories/20369 http://secunia.com/advisories/20549 http://secunia.com/advisories/20766 http://secunia.com/advisories/20828 http://secunia.com/advisories/20942 http://secunia.com/advisories/21919 http://security.gentoo.org/glsa/glsa-200609-08.xml http://www.debian.org/security/2006/dsa-1105 http://www.mandriva.com/security/advisories?name= •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 0CVE-2005-1692
https://notcve.org/view.php?id=CVE-2005-1692
Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers. • http://cvs.sourceforge.net/viewcvs.py/xine/gnome-xine/ChangeLog?rev=HEAD&content-type=text/vnd.viewcvs-markup http://marc.info/?l=bugtraq&m=111670637812128&w=2 http://secunia.com/advisories/15451 http://security.gentoo.org/glsa/glsa-200505-19.xml http://www.0xbadexworm.org/adv/gxinefmt.txt http://www.osvdb.org/16747 http://www.securityfocus.com/bid/13707 http://www.vupen.com/english/advisories/2005/0626 •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 0CVE-2004-1034
https://notcve.org/view.php?id=CVE-2004-1034
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028061.html http://secunia.com/advisories/13117 http://security.gentoo.org/glsa/glsa-200411-14.xml http://sourceforge.net/tracker/index.php?func=detail&aid=1060299&group_id=9655&atid=109655 http://www.securityfocus.com/bid/11528 https://exchange.xforce.ibmcloud.com/vulnerabilities/17849 •