Filtered by vendor Nullsoft
Subscriptions
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | ||||
| CVE-2006-3228 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | ||||
| CVE-2006-3535 | 1 Nullsoft | 1 Shoutcast Dsp | 2025-04-03 | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534. | ||||
| CVE-2002-0547 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag. | ||||
| CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | ||||
| CVE-2004-1896 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | ||||
| CVE-2002-1524 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | ||||
| CVE-2006-3007 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. | ||||
| CVE-2004-1119 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. | ||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | ||||
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | ||||
| CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | ||||
| CVE-2002-0199 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes. | ||||
| CVE-1999-1561 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server. | ||||
| CVE-2023-37378 | 1 Nullsoft | 1 Nullsoft Scriptable Install System | 2024-11-21 | 5.3 Medium |
| Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | ||||
| CVE-2015-9268 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 7.8 High |
| Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. | ||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 5.5 Medium |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | ||||