CVSS: 9.3EPSS: 9%CPEs: 30EXPL: 1CVE-2006-3228 – Winamp 5.21 - '.Midi' File Header Handling Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-3228
26 Jun 2006 — Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. Desbordamiento de búfer en in_midi.dll para WinAmp v2.90 hasta v5.23, incluyendo v5.21, permite a atacantes remotos ejecutar código de su elección a través de un fichero manipulado .mi (MIDI). • https://www.exploit-db.com/exploits/1935 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-3007
https://notcve.org/view.php?id=CVE-2006-3007
13 Jun 2006 — Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. Múltiples vulnerabilidades de XSS en SHOUTcast 1.9.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los campos DJ (1) Description, (2) URL, (3) Genre, (4) AIM y (5) ICQ. • http://marc.info/?l=bugtraq&m=114980135615062&w=2 •
CVSS: 7.8EPSS: 13%CPEs: 2EXPL: 1CVE-2006-0720 – Winamp 5.12 - '.m3u' Local Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-0720
23 Feb 2006 — Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. • https://www.exploit-db.com/exploits/26245 •
CVSS: 9.3EPSS: 16%CPEs: 18EXPL: 1CVE-2006-0708
https://notcve.org/view.php?id=CVE-2006-0708
15 Feb 2006 — Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. • http://forums.winamp.com/showthread.php?s=&threadid=238648 •
CVSS: 9.8EPSS: 88%CPEs: 1EXPL: 4CVE-2006-0476 – Winamp - Playlist UNC Path Computer Name Overflow
https://notcve.org/view.php?id=CVE-2006-0476
31 Jan 2006 — Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). • https://www.exploit-db.com/exploits/16531 •
CVSS: 9.8EPSS: 27%CPEs: 1EXPL: 1CVE-2005-3188
https://notcve.org/view.php?id=CVE-2005-3188
31 Dec 2005 — Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. • http://securityreason.com/securityalert/397 •
CVSS: 9.8EPSS: 7%CPEs: 4EXPL: 3CVE-2005-2310 – NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2310
19 Jul 2005 — Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. Desbordamiento de búfer en Winamp 5.03a, 5.09 y 5.091 permite que atacantes remotos ejecuten código arbitrario mediante un fichero MP3 con un tag ID3v2 largo. • https://www.exploit-db.com/exploits/25989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 24%CPEs: 5EXPL: 0CVE-2004-1896
https://notcve.org/view.php?id=CVE-2004-1896
31 Dec 2004 — Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. • http://marc.info/?l=bugtraq&m=108118289208693&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2004-2384
https://notcve.org/view.php?id=CVE-2004-2384
31 Dec 2004 — NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. • http://www.securityfocus.com/archive/1/357986 •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 2CVE-2004-1150 – NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2004-1150
31 Dec 2004 — Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. • https://www.exploit-db.com/exploits/25061 •