22 matches found
EUVD-2013-7113
Malware in sbrugna...
EUVD-2009-1812
Malware in sbrugna...
EUVD-2009-4719
Malware in sbrugna...
EUVD-2009-1349
Malware in sbrugna...
EUVD-2007-6647
Malware in sbrugna...
CVE-2025-10328
A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely...
CVE-2010-20042 Xion Audio Player ≤ 1.0.126 Unicode Stack Buffer Overflow
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler SEH chain, allowing an attacker to hijack...
CVE-2011-10025
Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structur...
CVE-2025-32946
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2023-6605
CVE-2023-6605 affects FFmpeg’s DASH playlist handling. A crafted DASH playlist with malicious URLs can trigger SSRF (arbitrary HTTP GETs) from the host running FFmpeg. Public advisories in connected docs (Debian DLA-4241, Mageia advisory, Ubuntu USN-7830-1, Alpine Linux page) confirm a DASH SSRF ...
CVE-2023-6603 Ffmpeg: null pointer dereference in ffmpeg hls parsing
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization...
GHSA-2H5R-CQFC-45V6 Jellyfin Web Cross-Site Scripting (XSS) via Playlist Name
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...
CVE-2018-8831
A Persistent XSS vulnerability exists in Kodi formerly XBMC through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist...
Kantaris 0.5.6 - Local Denial of Service PoC
No description provided by source. !/usr/bin/perl Kantaris 0.5.6 local Denial of service Poc Author: Anonymous How i find this bug: I was looking for mkv player because i downloaded 13 seasons of south park. I found Kantaris player and decided to chek it's security. Bug info:Kantaris 0.5.6 crashe...
BS.Player 2.56 (Build 1043) .m3u and .pls Denial of Service
Exploit for perl platform in category dos / poc =========================================================== BS.Player 2.56 Build 1043 .m3u and .pls Denial of Service =========================================================== !/usr/bin/python Exploit Title: BS.Player 2.56 Build 1043 .m3u and .pls...
BS.Player 2.56 Denial Of Service
!/usr/bin/python Exploit Title: BS.Player 2.56 Build 1043 .m3u and .pls Denial of Service Date: September 27, 2010 Author: modpr0be Software Link: http://www.bsplayer.com/bsplayer-setup.exe Version: 2.0.0 Tested on: Windows XP SP3/2003 CVE : - How it works? Open BS.Player -- Open the Playlist...
CVE-2008-7079
CVE-2008-7079 : Nero ShowTime 5.0.15.0 is affected by a remote buffer overflow triggered by a long entry in a .M3U playlist. Exploitation may crash the application and could allow arbitrary code execution; CVSS v2 base score 9.3 (HIGH). Affected product/version and root cause are described in the...
CVE-2009-1329
The CVE-2009-1329 issue affects Mini‑Stream Shadow Stream Recorder 3.0.1.7 and is a stack‑based buffer overflow triggered by a long URI in a playlist (.m3u) file, allowing remote code execution. Multiple sources (NVD entry and OpenVAS/NASL data) corroborate that an attacker could craft a maliciou...
DEBIAN-CVE-2007-6683
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via 1 the :demuxdump-file option in a filename in a playlist, or 2 a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability...
Quintessential Player <= 4.50.1.82 Playlist Denial Of Service PoC
No description provided by source. / 0-day Quintessential Player = 4.50.1.82 Playlist Denial Of Service PoC ======================================================================== ======================================================================== Quintessential Player 4.50.1.82 and lower...