CVSS: 4.6EPSS: 23%CPEs: 33EXPL: 1CVE-2004-0820 – Winamp 5.04 - '.wsz' Skin File Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. • https://www.exploit-db.com/exploits/418 http://secunia.com/advisories/12381 http://www.auscert.org.au/render.html?it=4338 http://www.frsirt.com/exploits/08252004.skinhead.php https://exchange.xforce.ibmcloud.com/vulnerabilities/17124 •
CVSS: 6.4EPSS: 0%CPEs: 13EXPL: 1CVE-2002-2392
https://notcve.org/view.php?id=CVE-2002-2392
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. • http://seclists.org/bugtraq/2002/Jul/0205.html http://www.iss.net/security_center/static/9630.php http://www.securityfocus.com/bid/5266 •
CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 3CVE-2002-2195 – Nullsoft Winamp 2.80 - Automatic Update Check Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-2195
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response. • https://www.exploit-db.com/exploits/21595 http://online.securityfocus.com/archive/1/280786 http://www.iss.net/security_center/static/9488.php http://www.securityfocus.com/bid/5170 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2002-0547
https://notcve.org/view.php?id=CVE-2002-0547
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag. Desbordamiento de búfer en la zona de navegación de Winamp 2.79 y versiones anteriores, permite a atacantes remotos causar una Denegación de Servicios (caída) y posiblemente la ejecución arbitraria de código mediante una cadena larga de caracteres en el campo title de una etiqueta ID3v2. • http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html http://www.iss.net/security_center/static/8946.php http://www.securityfocus.com/bid/4609 http://www.winamp.com/download/newfeatures.jhtml •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0284
https://notcve.org/view.php?id=CVE-2002-0284
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname. Winamp 2.78 y 2.77, cuando abre un fichero wma (windows media audio) que necesita una licencia, envía la ruta completa del directorio de ficheros temporales de internet directamente a la página web que procesa la licencia, lo que podría permitir a servidores web maliciosos obtener la ruta. • http://marc.info/?l=bugtraq&m=101408781031527&w=2 •