Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NullsoftWinamp

61 matches found

CVE
CVEadded 2007/08/17 10:17 p.m.34 views

CVE-2007-4392

Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.

4.3CVSS7.1AI score0.01068EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.32 views

CVE-2002-0546

Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.

7.5CVSS7AI score0.01048EPSS
CVE
CVEadded 2004/09/02 4:0 a.m.32 views

CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.

4.6CVSS7.2AI score0.04296EPSS
CVE
CVEadded 2008/08/10 8:41 p.m.32 views

CVE-2008-3567

Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

4.3CVSS5.7AI score0.00578EPSS
CVE
CVEadded 2009/01/23 7:0 p.m.32 views

CVE-2009-0263

Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.

10CVSS8AI score0.05562EPSS
CVE
CVEadded 2010/12/02 4:22 p.m.32 views

CVE-2010-4374

The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.

4.3CVSS6.6AI score0.005EPSS
CVE
CVEadded 2010/12/02 4:22 p.m.31 views

CVE-2010-4372

Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.

9.3CVSS7AI score0.11189EPSS
CVE
CVEadded 2007/11/01 5:0 p.m.30 views

CVE-2002-2412

Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.

2.1CVSS7.2AI score0.00057EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.29 views

CVE-2002-1524

Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.

7.5CVSS8.3AI score0.04755EPSS
CVE
CVEadded 2010/12/02 4:22 p.m.29 views

CVE-2010-4370

Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.

9.3CVSS7.7AI score0.06539EPSS
CVE
CVEadded 2011/12/16 7:55 p.m.28 views

CVE-2011-4857

Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.

10CVSS8.2AI score0.12802EPSS
Total number of security vulnerabilities61