27 matches found
ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability
ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-010 January 21, 2010 -- CVE ID: CVE-2009-4246 -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks RealPlayer -- TippingPointTM IPS Customer...
Microsoft Windows Media Player Arbitrary File Download (MS03-017; CVE-2003-0228)
Microsoft Windows Media Player is an application that is used to play various media files, such as those compressed with AVI, MP3, MPG formats and so on. Windows Media Player runs on the Microsoft Windows operating system. Windows Media Player has the ability to change its user interface and...
DotNetNuke 2.0 <= 4.8.4 Skin Files Security Bypass Vulnerability
DotNetNuke is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotnetnuke:dotnetnuke";...
CVE-2008-7102
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
CVE-2008-7102
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
CVE-2008-7102
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
CVE-2002-2392
Affected product: Winamp 2.65 through 3.0. Vulnerable component: skin files (wsz and wal) stored in a predictable location. Root cause: a URL reference to these skin files can cause embedded code to be executed. Impact: remote attackers could execute arbitrary code. Exploitation details: CVE desc...
Microsoft Windows Media Player multiple security vulnerabilities
Multiple vulnerabilities on skin files parsing...
Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files. Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files WMZ or WMD files. Note that users must attempt ...
Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted compressed skin files. Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files WMZ or WMD files. Successful exploit...
Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the...
Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while...
CVE-2006-6288
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via 1 a playlist file with long song names, because of an overflow in the CPLAddPrefixedFile function in CPIPlaylist.c; 2 a skin file with long button names, because of an overflow...
Real player media player multiple buffer overflow
Buffer overflows on parsing .rm streams and skin files...
Opera skin zip file buffer overflow vulnerability
The remote host is using Opera - an alternative web browser. This version is vulnerable to a security weakness. A problem has been identified in the handling of zipped skin files by Opera. Because of this, it may be possible for an attacker to gain unauthorized access to a system using the...
CVE-2005-0304
Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in a filename in a ZIP file for a skin...
DivX Player skin files directory traversal
During installation of DivX skin file it's possible ot overwrite any files in any location...
Winamp < 5.0.5 Skin File (.WSZ) Local Zone Arbitrary Code Execution
The remote host is using Winamp, a popular media player which handles many files format mp3, wavs and more... The remote version of this software is vulnerable to a code execution flaw when processing a malformed .WSZ Winamp Skin file. An attacker may exploit this flaw by sending a malformed .wsz...
CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...
CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...