Nullsoft: Security Vulnerabilities
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
CVSS Score
2.6
EPSS Score
0.009
Published
2002-05-31
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
CVSS Score
7.5
EPSS Score
0.034
Published
2002-05-16
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
CVSS Score
5.0
EPSS Score
0.019
Published
2001-08-03
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
CVSS Score
7.5
EPSS Score
0.035
Published
2001-06-27
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
CVSS Score
7.5
EPSS Score
0.04
Published
2000-07-20
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
CVSS Score
7.2
EPSS Score
0.021
Published
2000-01-04
Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
CVSS Score
7.2
EPSS Score
0.003
Published
1999-08-20
Page 8