Page 24 of 127 results (0.010 seconds)

CVSS: 7.5EPSS: 71%CPEs: 1EXPL: 2

CVE-2007-6682 – VideoLAN VLC Media Player 0.8.6d - 'httpd_FileCallBack' Remote Format String

https://notcve.org/view.php?id=CVE-2007-6682

Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. Vulnerabilidad de cadena de formato en la función httpd_FileCallBack (network/httpd.c) de VideoLAN VLC 0.8.6d permite a atacantes remotos ejecutar código de su elección mediante especificadores de cadenas de formato en el parámetro Connection. • https://www.exploit-db.com/exploits/5519 http://aluigi.altervista.org/adv/vlcboffs-adv.txt http://osvdb.org/42208 http://secunia.com/advisories/28233 http://secunia.com/advisories/29284 http://secunia.com/advisories/29766 http://securityreason.com/securityalert/3550 http://trac.videolan.org/vlc/changeset/23839 http://www.debian.org/security/2008/dsa-1543 http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml http://www.securityfocus.com/archive/1/485488/30/0/ •

CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 2

CVE-2007-6681 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-6681

Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. Desbordamiento de búfer basado en pila en modules/demux/subtitle.c de VideoLAN VLC 0.8.6d permite a atacantes remotos ejecutar código de su elección mediante un subtítulo largo en un fichero (1) MicroDvd, (2) SSA, y (3) Vplayer. • https://www.exploit-db.com/exploits/5498 http://aluigi.altervista.org/adv/vlcboffs-adv.txt http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html http://osvdb.org/42207 http://secunia.com/advisories/28233 http://secunia.com/advisories/29284 http://secunia.com/advisories/29766 http://secunia.com/advisories/29800 http://security.gentoo.org/glsa/glsa-200804-25.xml http://securityreason.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-6683

https://notcve.org/view.php?id=CVE-2007-6683

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. La extensión de navegación de VideoLAN VLC 0.8.6d permite a atacantes remotos sobrescribir ficheros de su elección mediante (1) la opción :demuxdump-file en un nombre de fichero de una lista de reproducción, o (2) una sentencia EXTVLCOPT en un fichero MP3, posiblemente una vulnerabilidad de inyección de argumento. • http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html http://osvdb.org/42205 http://osvdb.org/42206 http://secunia.com/advisories/29284 http://secunia.com/advisories/29766 http://www.debian.org/security/2008/dsa-1543 http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml http://www.securityfocus.com/bid/28712 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619 https://trac.videolan.org/vlc/changeset/23197 https •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

CVE-2007-6684

https://notcve.org/view.php?id=CVE-2007-6684

The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. El módulo RTSP de VideoLAN VLC 0.8.6d permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición sin el parámetro Transfer, lo cual provoca una referencia a un puntero nulo. • http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html http://secunia.com/advisories/29284 http://trac.videolan.org/vlc/changeset/22023 http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876 • CWE-20: Improper Input Validation •

CVSS: 8.5EPSS: 4%CPEs: 1EXPL: 1

CVE-2008-0295 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-0295

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. Desbordamiento de búfer basado en montículo en modules/access/rtsp/real_sdpplin.c de la biblioteca Xine, tal y como se usa en VideoLAN VLC Media Player 0.8.6d y versiones anteriores, permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída) ó ejecutar código de su elección mediante datos largos de Protocolo de Descripción de Sesión (SDP). • https://www.exploit-db.com/exploits/5498 http://aluigi.altervista.org/adv/vlcxhof-adv.txt http://secunia.com/advisories/28383 http://secunia.com/advisories/29284 http://secunia.com/advisories/29766 http://www.debian.org/security/2008/dsa-1543 http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml http://www.securityfocus.com/bid/27221 http://www.vupen.com/english/advisories/2008/0105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •