Filtered by vendor Nullsoft
Subscriptions
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1373 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | ||||
| CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | ||||
| CVE-2004-1896 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | ||||
| CVE-2004-2384 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. | ||||
| CVE-2003-1273 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters. | ||||
| CVE-2005-2310 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. | ||||
| CVE-2005-3188 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | ||||
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | ||||
| CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | ||||
| CVE-2006-0708 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | ||||
| CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | ||||
| CVE-2006-3007 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. | ||||
| CVE-2006-3228 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | ||||
| CVE-2006-3535 | 1 Nullsoft | 1 Shoutcast Dsp | 2025-04-03 | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534. | ||||
| CVE-2023-37378 | 1 Nullsoft | 1 Nullsoft Scriptable Install System | 2024-11-21 | 5.3 Medium |
| Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | ||||
| CVE-2015-9268 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 7.8 High |
| Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. | ||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 5.5 Medium |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | ||||