Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
Max CVSS
2.1
EPSS Score
0.05%
Published
2002-12-31
Updated
2008-09-05
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
Max CVSS
6.4
EPSS Score
0.68%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
Max CVSS
5.0
EPSS Score
1.63%
Published
2002-12-31
Updated
2008-09-05
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
Max CVSS
7.5
EPSS Score
2.42%
Published
2002-12-26
Updated
2016-10-18
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
Max CVSS
7.5
EPSS Score
1.60%
Published
2002-12-26
Updated
2016-10-18
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
Max CVSS
7.5
EPSS Score
1.83%
Published
2002-10-04
Updated
2008-09-05
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
Max CVSS
7.5
EPSS Score
2.83%
Published
2002-07-03
Updated
2008-09-05
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
Max CVSS
7.5
EPSS Score
1.06%
Published
2002-07-03
Updated
2008-09-05
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
Max CVSS
2.6
EPSS Score
0.19%
Published
2002-05-31
Updated
2016-10-18
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
Max CVSS
7.5
EPSS Score
2.55%
Published
2002-05-16
Updated
2016-10-18
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!