Zax

**Name of the Vulnerable Software and Affected Versions** Mini-stream CastRipper version 2.50.70 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long URL in the `playlist` section of a .pls file. **Recommendations** For Mini-stream CastRipper version 2.50.70, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ease Audio Cutter version 1.20 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by providing a long string in a WAV file. **Recommendations** For Ease Audio Cutter version 1.20, consider avoiding the use of WAV files with long strings until a fix is available. As a temporary workaround, restrict the handling of WAV files to minimize the risk of application crash.

**Name of the Vulnerable Software and Affected Versions** Tuniac version 090517c **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a crash, or possibly execute arbitrary code. This can be achieved via a long `File1` argument in a .pls playlist file, which may be related to a buffer overflow. **Recommendations** For version 090517c, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP3 Collector version 2.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by including a long URL in a .m3u playlist file. **Recommendations** For MP3 Collector version 2.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Triologic Media Player versions 7.0.0 through 8.0.0.0 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved by using a long string in a .m3u playlist file. The attack requires user assistance. **Recommendations** For versions 7.0.0 through 8.0.0.0, update to a version that contains a fix for this issue to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPmyGallery version 1.51 gold **Description** The issue allows remote attackers to list arbitrary directories via a .. (dot dot) in the `group` parameter in the "index.php" file. **Recommendations** For PHPmyGallery version 1.51 gold, consider restricting access to the `group` parameter in the "index.php" file to minimize the risk of exploitation.