Nullsoft Shoutcast Server vulnerabilities
10 known vulnerabilities affecting nullsoft/shoutcast_server.
Total CVEs: 10
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 3, LOW 2
Vulnerabilities
CVE-2004-1373 | P3 | HIGH | CVSS 7.5 | PoC | v1.9.4 | 2004-12-23
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
nvd
CVE-2002-0907 | P3 | HIGH | CVSS 7.5 | PoC | v1.8.9 | 2002-10-04
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
nvd
CVE-2007-1229 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v1.9.7 | 2007-03-02
Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
nvd
CVE-2006-3534 | P4 | HIGH | CVSS 7.8 | ≤ 1.9.5, v1.7.1 +6 more | 2006-07-12
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
nvd
CVE-2003-1174 | P4 | LOW | CVSS 2.1 | PoC | v1.9.2 | 2003-12-31
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
nvd
CVE-2002-0199 | P4 | HIGH | CVSS 7.5 | v1.8.3 | 2002-05-16
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
nvd
CVE-1999-1561 | P4 | HIGH | CVSS 7.2 | v1.9.7 | 1999-08-20
Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
nvd
CVE-2001-1304 | P4 | MEDIUM | CVSS 5.0 | v1.8.2 | 2001-08-03
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
nvd
CVE-2006-3007 | P4 | MEDIUM | CVSS 4.3 | v1.7.1, v1.8.3 +4 more | 2006-06-13
Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.
nvd
CVE-2002-1470 | P4 | LOW | CVSS 2.1 | v1.8.9 | 2003-04-22
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
nvd