Vulnerabilities > Nullsoft > Shoutcast Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-12 | CVE-2006-3534 | Directory Traversal vulnerability in Shoutcast Server Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | 7.8 |
| 2004-12-23 | CVE-2004-1373 | Unspecified vulnerability in Nullsoft Shoutcast Server 1.9.4 Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | 7.5 |
| 2002-10-04 | CVE-2002-0907 | Remote Buffer Overflow vulnerability in Nullsoft Shoutcast Server 1.8.9 Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-". | 7.5 |
| 2002-05-16 | CVE-2002-0199 | Denial Of Service vulnerability in Nullsoft Shoutcast Server 1.8.3 Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes. | 7.5 |
| 1999-08-20 | CVE-1999-1561 | Unspecified vulnerability in Nullsoft Shoutcast Server 1.9.7 Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server. | 7.2 |