CVE-2002-2195 – Nullsoft Winamp 2.80 - Automatic Update Check Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-2195
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response. • https://www.exploit-db.com/exploits/21595 http://online.securityfocus.com/archive/1/280786 http://www.iss.net/security_center/static/9488.php http://www.securityfocus.com/bid/5170 •
CVE-2002-2412
https://notcve.org/view.php?id=CVE-2002-2412
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. • http://online.securityfocus.com/archive/1/273257 http://www.iss.net/security_center/static/9114.php http://www.securityfocus.com/bid/4781 • CWE-255: Credentials Management Errors •
CVE-2002-1176
https://notcve.org/view.php?id=CVE-2002-1176
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file. Desbordamiento de búfer en Winamp 2.81 permite a atacantes remotos ejecutar código arbitrario mediante una etiqueta ID3v2 de Artista larga en un fichero MP3. • http://marc.info/?l=bugtraq&m=104025874209567&w=2 •
CVE-2002-1177
https://notcve.org/view.php?id=CVE-2002-1177
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag. Múltiples desbordamientos de búfer en Winamp 3.0 cuando muestra un MP3 en la ventana de Libreria de Medios, permite a atacantes remotos ejecutar código arbitrario mediante un fichero MP3 conteniendo una etiqueta ID3v2 de Artista o Álbum larga. • http://marc.info/?l=bugtraq&m=104025874209567&w=2 http://www.securityfocus.com/bid/6429 •
CVE-2002-0546
https://notcve.org/view.php?id=CVE-2002-0546
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file. Vulnerabilidad de secuencias de comandos en sitios cruzados en la zona de navegación de Winamp 2.78 y 2.79 permite a atacantes remotos la ejecución de código mediante etiquetas ID3v1 o ID3v2 en un fichero MP3. • http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html http://www.iss.net/security_center/static/8753.php http://www.securityfocus.com/bid/4414 •