22 matches found
CVE-2025-32123
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through =...
CVE-2025-32123
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through =...
EUVD-2018-18117
Malware in sbrugna...
Mozilla Firefox Security Advisory (MFSA2014-39) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
HTML Video Player 1.2.5 Local Buffer Overflow
!/usr/bin/python Exploit Title: HTML Video Player 1.2.5 - Local Buffer Overflow - Non SEH Date: 27/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.html5videoplayer.net/download.html Software: http://www.html5videoplayer.net/html5videoplayer-setup.exe Contact:...
HTML Video Player 1.2.5 Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: HTML Video Player 1.2.5 - Local Buffer Overflow - Non SEH Date: 27/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.html5videoplayer.net/download.html Software:...
HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
Exploit Title: HTML Video Player 1.2.5 - Buffer-Overflow SEH Author: Kağan Çapar Discovery Date: 2018-11-16 Software Link: http://www.html5videoplayer.net/html5videoplayer-setup.exe Vendor Homepage : http://www.html5videoplayer.net Tested Version: 1.2.5 Tested on OS: Windows XP SP3 ENG Steps to...
HTML Video Player 1.2.5 - Buffer-Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: HTML Video Player 1.2.5 - Buffer-Overflow SEH Author: Kağan Çapar Software Link: http://www.html5videoplayer.net/html5videoplayer-setup.exe Vendor Homepage : http://www.html5videoplayer.net Tested Version: 1.2.5 Tested on OS:...
HTML Video Player 1.2.5 Buffer Overflow
Exploit Title: HTML Video Player 1.2.5 - Buffer-Overflow SEH Author: Kagan Capar Discovery Date: 2018-11-16 Software Link: http://www.html5videoplayer.net/html5videoplayer-setup.exe Vendor Homepage : http://www.html5videoplayer.net Tested Version: 1.2.5 Tested on OS: Windows XP SP3 ENG Steps to...
DEBIAN-CVE-2018-6360
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...
UBUNTU-CVE-2018-6360
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...
Mozilla Firefox and Firefox ESR HTMLVideoElement Interface Memory Error Vulnerability
Mozilla Firefox is an open source web browser. A memory error vulnerability exists in the Mozilla Firefox HTMLVideoElement interface, which allows remote attackers to modify the JavaScript code of the media element URI form to crash the application or execute arbitrary code...
Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...
UBUNTU-CVE-2015-4509
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...
Design/Logic Flaw
Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...
CVE-2015-3417
Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...
CVE-2015-3417
Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...
ffmpeg -- use-after-free
NVD reports: Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element tha...
Mozilla Firefox Multiple Vulnerabilities-01 (May 2014) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Memory corruption
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...