Vulnerabilities > Nullsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2023-37378 | Unspecified vulnerability in Nullsoft Scriptable Install System Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | 5.3 |
| 2014-05-23 | CVE-2014-3442 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. | 4.3 |
| 2012-07-11 | CVE-2012-3890 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
| 2012-07-11 | CVE-2012-3889 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
| 2010-12-02 | CVE-2010-4374 | Resource Management Errors vulnerability in Nullsoft Winamp The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length. | 4.3 |
| 2010-12-02 | CVE-2010-4373 | Denial-Of-Service vulnerability in Winamp The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file. network nullsoft | 4.3 |
| 2008-08-10 | CVE-2008-3567 | Cross-Site Scripting vulnerability in Nullsoft Winamp Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | 4.3 |
| 2007-08-17 | CVE-2007-4392 | Denial-Of-Service vulnerability in Nullsoft Winamp 5.35 Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. network nullsoft | 4.3 |
| 2007-03-02 | CVE-2007-1229 | Cross-Site Scripting vulnerability in Nullsoft Shoutcast Server 1.9.7 Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. | 4.3 |
| 2006-07-12 | CVE-2006-3535 | Directory Traversal vulnerability in Shoutcast DSP 1.9.5/1.9.6 Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534. | 5.0 |