Shodan
Vulnerabilities
Vulnerable Software
Nullsoft:  Security Vulnerabilities
CVE-2002-1470
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
CVSS Score
2.1
EPSS Score
0.005
Published
2003-04-22
CVE-2002-1524
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
CVSS Score
7.5
EPSS Score
0.038
Published
2003-04-02
CVE-2002-2195
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
CVSS Score
5.0
EPSS Score
0.047
Published
2002-12-31
CVE-2002-2392
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
CVSS Score
6.4
EPSS Score
0.026
Published
2002-12-31
CVE-2002-2412
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
CVSS Score
2.1
EPSS Score
0.003
Published
2002-12-31
CVE-2002-1176
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
CVSS Score
7.5
EPSS Score
0.023
Published
2002-12-26
CVE-2002-1177
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
CVSS Score
7.5
EPSS Score
0.026
Published
2002-12-26
CVE-2002-0907
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
CVSS Score
7.5
EPSS Score
0.056
Published
2002-10-04
CVE-2002-0546
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
CVSS Score
7.5
EPSS Score
0.017
Published
2002-07-03
CVE-2002-0547
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
CVSS Score
7.5
EPSS Score
0.033
Published
2002-07-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved