CVSS: 6.1EPSS: 0%CPEs: 72EXPL: 0CVE-2008-3567
https://notcve.org/view.php?id=CVE-2008-3567
10 Aug 2008 — Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. Una vulnerabilidad de tipo cross-zone scripting en la función NowPlaying en NullSoft Winamp anterior a versión 5.541, permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS) por medio de un archivo MP3 con JavaScript en etiquetas id3. • http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2008-3441
https://notcve.org/view.php?id=CVE-2008-3441
01 Aug 2008 — Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Nullsoft Winamp anterior a 5.24 no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo 'hombre en el medio' (man-in-the-middle) ejecutar código de su elección a través de la actualización de un Caballo de Troya, como se demuestra por e... • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0CVE-2007-4619 – FLAC Integer overflows
https://notcve.org/view.php?id=CVE-2007-4619
12 Oct 2007 — Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. Múltiples desbordamientos de entero en Free Lossless Audio Codec (FLAC) libFLAC versiones anteriores a 1.2.1, como se usan Winamp versiones anteriores a 5.5 y otros productos, permiten a atacantes remotos... • http://bugzilla.redhat.com/show_bug.cgi?id=331991 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 9%CPEs: 30EXPL: 1CVE-2006-3228 – Winamp 5.21 - '.Midi' File Header Handling Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-3228
26 Jun 2006 — Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. Desbordamiento de búfer en in_midi.dll para WinAmp v2.90 hasta v5.23, incluyendo v5.21, permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado .mi (MIDI). • https://www.exploit-db.com/exploits/1935 •
CVSS: 9.8EPSS: 7%CPEs: 4EXPL: 3CVE-2005-2310 – NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2310
19 Jul 2005 — Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. Desbordamiento de búfer en Winamp 5.03a, 5.09 y 5.091 permite que atacantes remotos ejecuten código arbitrario mediante un fichero MP3 con un tag ID3v2 largo. • https://www.exploit-db.com/exploits/25989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 24%CPEs: 5EXPL: 0CVE-2004-1896
https://notcve.org/view.php?id=CVE-2004-1896
31 Dec 2004 — Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. • http://marc.info/?l=bugtraq&m=108118289208693&w=2 •
CVSS: 9.8EPSS: 4%CPEs: 33EXPL: 1CVE-2004-0820 – Winamp 5.04 - '.wsz' Skin File Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-0820
28 Aug 2004 — Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. • https://www.exploit-db.com/exploits/418 •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 1CVE-2003-0765 – NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2003-0765
12 Sep 2003 — The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. IN_MIDI.DLL plugin 3.01 y versiones anteriores, como es utilizado en Winamp 2.91, permite a atacantes remotos la ejecución de código arbitrario mediante un fichero MIDI con un valor "Track data size" largo. • https://www.exploit-db.com/exploits/23124 •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 1CVE-2002-2392
https://notcve.org/view.php?id=CVE-2002-2392
31 Dec 2002 — Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. • http://seclists.org/bugtraq/2002/Jul/0205.html •