Filtered by vendor Nullsoft
Subscribe
Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2310 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. | |||||
| CVE-2002-1470 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 2.1 LOW | N/A |
| SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. | |||||
| CVE-2006-3535 | 1 Nullsoft | 1 Shoutcast Dsp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534. | |||||
| CVE-2004-0820 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 4.6 MEDIUM | N/A |
| Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. | |||||
| CVE-2006-0708 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | |||||
| CVE-2003-1174 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 2.1 LOW | N/A |
| Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL. | |||||
| CVE-2004-2384 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 5.0 MEDIUM | N/A |
| NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. | |||||
| CVE-2004-1119 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. | |||||
| CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.6 LOW | N/A |
| Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | |||||
| CVE-2006-3228 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | |||||
| CVE-2003-1274 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux. | |||||
| CVE-2002-0284 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.6 LOW | N/A |
| Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname. | |||||
| CVE-2000-0624 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist. | |||||
| CVE-2023-37378 | 1 Nullsoft | 1 Nullsoft Scriptable Install System | 2024-11-21 | N/A | 5.3 MEDIUM |
| Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | |||||
| CVE-2015-9268 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. | |||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | |||||