| Vulnerability Name: | CVE-2004-1951 (CCN-15939) | ||||||||
| Assigned: | 2004-04-22 | ||||||||
| Published: | 2004-04-22 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-1951 Source: CCN Type: SA11433 Xine Playlists can Overwrite Arbitrary Files Source: SECUNIA Type: UNKNOWN 11433 Source: GENTOO Type: Patch GLSA-200404-20 Source: CCN Type: GLSA-200404-20 Multiple vulnerabilities in xine Source: CCN Type: GLSA 200404-20 Multiple vulnerabilities in xine Source: OSVDB Type: UNKNOWN 5594 Source: OSVDB Type: UNKNOWN 5739 Source: CCN Type: OSVDB ID: 5594 xine-lib Playlists MRL Arbitrary File Modification Source: CCN Type: OSVDB ID: 5739 xine-ui Playlists MRL Arbitrary File Modification Source: BID Type: Exploit, Patch 10193 Source: CCN Type: BID-10193 Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities Source: SLACKWARE Type: UNKNOWN SSA:2004-111 Source: CCN Type: xine security announcement XSA-2004-1 xine-lib Source: CONFIRM Type: Vendor Advisory http://www.xinehq.de/index.php/security/XSA-2004-1 Source: CCN Type: xine security announcement XSA-2004-2 xine-ui Source: CONFIRM Type: Vendor Advisory http://www.xinehq.de/index.php/security/XSA-2004-2 Source: XF Type: UNKNOWN xine-mrl-file-overwrite(15939) Source: XF Type: UNKNOWN xine-mrl-file-overwrite(15939) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||