Vulnerabilities > Nullsoft

DATE CVE VULNERABILITY TITLE RISK
2007-10-12 CVE-2007-4619 Numeric Errors vulnerability in multiple products
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
network
flac nullsoft CWE-189
critical
9.3
2007-08-17 CVE-2007-4392 Denial-Of-Service vulnerability in Nullsoft Winamp 5.35
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
network
nullsoft
4.3
2007-05-04 CVE-2007-2498 Buffer Overflow vulnerability in Winamp MP4 File Parsing
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file.
network
nullsoft
critical
9.3
2007-04-24 CVE-2007-2180 Denial of Service vulnerability in Nullsoft Winamp 5.3
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
network
nullsoft
7.1
2007-04-10 CVE-2007-1922 Improper Input Validation vulnerability in Nullsoft Winamp 5.33
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allow remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
network
nullsoft CWE-20
critical
9.3
2007-04-10 CVE-2007-1921 Remote Code Execution vulnerability in Nullsoft Winamp 5.33
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
network
nullsoft
critical
9.3
2007-03-02 CVE-2007-1229 Cross-Site Scripting vulnerability in Nullsoft Shoutcast Server 1.9.7
Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
network
nullsoft CWE-79
4.3
2006-10-27 CVE-2006-5567 Remote Heap Overflow vulnerability in Nullsoft Winamp Ultravox
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
network
nullsoft
critical
9.3
2006-07-12 CVE-2006-3535 Directory Traversal vulnerability in Shoutcast DSP 1.9.5/1.9.6
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.
network
low complexity
nullsoft
5.0
2006-07-12 CVE-2006-3534 Directory Traversal vulnerability in Shoutcast Server
Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
network
low complexity
nullsoft
7.8