Player Security Vulnerabilities
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within.....
8.2AI Score
0.001EPSS
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual...
6.5AI Score
0.002EPSS
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID...
8.2AI Score
0.001EPSS
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid)...
7AI Score
0.024EPSS
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl)...
8.3AI Score
0.028EPSS
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx...
8.3AI Score
0.019EPSS
Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist)...
8AI Score
0.004EPSS
Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF...
7.8AI Score
0.009EPSS
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF...
7.8AI Score
0.009EPSS
Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.001EPSS
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified...
6.4AI Score
0.002EPSS
Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u...
7.8AI Score
0.086EPSS
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified...
6.8AI Score
0.0004EPSS
Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack...
7.1AI Score
0.002EPSS
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV...
6.8AI Score
0.005EPSS
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist...
6.4AI Score
0.001EPSS
Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than...
7.6AI Score
0.005EPSS
Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file,....
8.2AI Score
0.003EPSS
Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code via unspecified...
7.7AI Score
0.037EPSS
Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified...
6.4AI Score
0.003EPSS
Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID...
8.3AI Score
0.003EPSS
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library...
6.6AI Score
0.001EPSS
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147.....
8.2AI Score
0.003EPSS
Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than...
7.6AI Score
0.005EPSS
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118,...
8.2AI Score
0.003EPSS
Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID...
8.2AI Score
0.003EPSS
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based...
8AI Score
0.01EPSS
Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than...
7.7AI Score
0.005EPSS
Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than...
7.7AI Score
0.005EPSS
Avnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero...
6.6AI Score
0.002EPSS
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer...
7.7AI Score
0.248EPSS
Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen...
7.7AI Score
0.044EPSS
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from.....
6.2AI Score
0.034EPSS
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash...
5.4CVSS
5.2AI Score
0.001EPSS
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <=...
7.2CVSS
7.4AI Score
0.001EPSS
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to...
7.5CVSS
7.5AI Score
0.015EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the...
6.7CVSS
7.2AI Score
0.0004EPSS
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without...
9.8CVSS
9.4AI Score
0.002EPSS
Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL...
7.8CVSS
7.7AI Score
0.0004EPSS
The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting...
4.8CVSS
4.9AI Score
0.001EPSS
The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...
5.4CVSS
5.3AI Score
0.001EPSS
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting...
5.4CVSS
5.2AI Score
0.001EPSS
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF...
6.5CVSS
6.3AI Score
0.001EPSS
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...
5.4CVSS
5.3AI Score
0.001EPSS
The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...
5.4CVSS
5.3AI Score
0.001EPSS
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 -...
6.1CVSS
6AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error...
6.1CVSS
6AI Score
0.001EPSS
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap_download action using directory traversal in the link...
7.5CVSS
7.5AI Score
0.375EPSS
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi...
7.1CVSS
6.8AI Score
0.001EPSS
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the...
7.5CVSS
7.1AI Score
0.001EPSS