Vulnerabilities > Nullsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-13 | CVE-2006-3007 | HTML Injection vulnerability in Nullsoft SHOUTcast Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. network nullsoft | 4.3 |
| 2004-12-31 | CVE-2004-2384 | Denial of Service vulnerability in Nullsoft Winamp 5.02 NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. | 5.0 |
| 2004-12-31 | CVE-2004-1150 | Remote Buffer Overflow vulnerability in Nullsoft Winamp Variant Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | 5.1 |
| 2004-08-28 | CVE-2004-0820 | Local Security vulnerability in Winamp Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. | 4.6 |
| 2003-12-31 | CVE-2003-1274 | Denial-Of-Service vulnerability in Nullsoft Winamp 3.0 Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux. | 5.0 |
| 2002-12-31 | CVE-2002-2392 | Unspecified vulnerability in Nullsoft Winamp Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | 6.4 |
| 2002-12-31 | CVE-2002-2195 | Buffer Overflow vulnerability in Nullsoft Winamp Automatic Update Check Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response. | 5.0 |
| 2001-08-03 | CVE-2001-1304 | Denial-Of-Service vulnerability in Nullsoft Shoutcast Server 1.8.2 Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header. | 5.0 |