219 matches found

securityvulns
added 2007/02/28 12:0 a.m., 52 views

Nullsoft ShoutcastServer Persistant XSS - 0day

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | SaMuschie Research Labs proudly presents . . . | Application: Nullsoft ShoutcastServer | Version: 1.9.7/Win32 other versions/platforms not tested |...

AI score: 0.1
Exploits: 0
exploitpack
added 2007/02/27 12:0 a.m., 16 views

Nullsoft SHOUTcast 1.9.7 - Logfile HTML Injection

Nullsoft SHOUTcast 1.9.7 - Logfile HTML Injection source: https://www.securityfocus.com/bid/22742/info Nullsoft SHOUTcast is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML...

AI score: 7.6
Exploits: 0
Exploit DB
added 2007/02/27 12:0 a.m., 18 views

Nullsoft SHOUTcast 1.9.7 - Logfile HTML Injection

source: https://www.securityfocus.com/bid/22742/info Nullsoft SHOUTcast is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the...

AI score: 7.4
Exploits: 0
Check Point Advisories
added 2006/11/30 12:0 a.m., 2 views

Update Protection against AOL Nullsoft Winamp Ultravox Heap Overflow Vulnerability

A heap-based buffer overflow vulnerability was detected in the multimedia player AOL Nullsoft Winamp. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system...

CVSS: 9.3, AI score: 5, EPSS: 0.13371
Exploits: 0
seebug.org
added 2006/11/04 12:0 a.m., 13 views

Nullsoft Winamp <= 5.3 (Ultravox-Max-Msg) Heap Overflow DoS PoC

No description provided by source. / Nullsoft Winamp 5.31 Ultravox "Ultravox-Max-Msg" Heap Overflow Dos POC by cocoruderfrankruderathotmail.com,2006/10/30 use like "winampunsv.exe ultravox-max-msgvalue",then the winampunsvsimple ultravox server will listen on tcp port 80,when winamp connect the...

AI score: 7.1
Exploits: 0
exploitpack
added 2006/11/03 12:0 a.m., 17 views

NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service (PoC)

NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service PoC / Nullsoft Winamp include include include define SERVERPORT 80 unsigned char buff1header1= "HTTP/1.0 200 OK\x0D\x0A" "Server: Ultravox 3.0\x0D\x0A" "Content-Type: misc/ultravox\x0D\x0A" "Ultravox-SID: 13381\x0D\x0A"...

AI score: 0.3
Exploits: 0
0day.today
added 2006/11/03 12:0 a.m., 19 views

Nullsoft Winamp <= 5.3 (Ultravox-Max-Msg) Heap Overflow DoS PoC

Exploit for unknown platform in category dos / poc =============================================================== Nullsoft Winamp include include include define SERVERPORT 80 unsigned char buff1header1= "HTTP/1.0 200 OK\x0D\x0A" "Server: Ultravox 3.0\x0D\x0A" "Content-Type: misc/ultravox\x0D\x0A...

AI score: 7
Exploits: 0
Exploit DB
added 2006/11/03 12:0 a.m., 30 views

NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service (PoC)

/ Nullsoft Winamp include include include define SERVERPORT 80 unsigned char buff1header1= "HTTP/1.0 200 OK\x0D\x0A" "Server: Ultravox 3.0\x0D\x0A" "Content-Type: misc/ultravox\x0D\x0A" "Ultravox-SID: 13381\x0D\x0A" "Ultravox-Avg-Bitrate: 16000\x0D\x0A" "Ultravox-Max-Bitrate: 24000\x0D\x0A"...

AI score: 7.4
Exploits: 0
NVD
added 2006/10/27 4:7 p.m., 16 views

CVE-2006-5567

Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags...

CVSS: 9.3, AI score: 7.7, EPSS: 0.13371
Exploits: 0, References: 12
CERT
added 2006/10/27 12:0 a.m., 19 views

AOL Nullsoft Winamp Lyrics3 heap buffer overflow

Overview: AOL Nullsoft Winamp contains a heap-based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Lyrics3 is a system for embedding the lyrics inside an MP3 song file...

AI score: 8.2
Exploits: 0, References: 5
securityvulns
added 2006/10/26 12:0 a.m., 60 views

NullSoft WinAmp Ultravox support multiple security vulnerabilities

Buffer overflows on parsing different tags and headers...

AI score: 2.9
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2006/10/26 12:0 a.m., 49 views

iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox 'ultravox-max-msg' Header Heap Overflow Vulnerability

AOL Nullsoft Winamp Ultravox 'ultravox-max-msg' Header Heap Overflow Vulnerability iDefense Security Advisory 10.25.06 http://www.idefense.com/intelligence/vulnerabilities/ Oct 25, 2006 I. BACKGROUND Ultravox is a streaming media technology developed by AOL for delivering and publishing streaming...

AI score: 0.1
Exploits: 0
NVD
added 2006/07/12 9:5 p.m., 16 views

CVE-2006-3534

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content"...

CVSS: 7.8, AI score: 6.6, EPSS: 0.02491
Exploits: 1, References: 7
NVD
added 2006/07/12 9:5 p.m., 16 views

CVE-2006-3535

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534...

CVSS: 5, AI score: 6.5, EPSS: 0.03975
Exploits: 1, References: 6
CVE
added 2006/07/12 9:0 p.m., 57 views

CVE-2006-3535

CVE-2006-3535 is described as a directory traversal in Nullsoft SHOUTcast DSP before 1.9.7 that allows remote reading of arbitrary files via vectors similar to CVE-2006-3534. The connected documents do not provide further technical details (affected components, root cause, exact vectors, or remed...

CVSS: 5, AI score: 6.5, EPSS: 0.03975
Exploits: 1, References: 6, Affected Software: 1
CVE
added 2006/07/12 9:0 p.m., 46 views

CVE-2006-3534

The SHOUTcast DSP server is affected by two CVEs: CVE-2006-3534 (pre-1.9.6) and CVE-2006-3535 (pre-1.9.7). The underlying issue is a directory traversal filter bug: traversal sequences are filtered before the input is decoded, enabling remote attackers to read arbitrary files via encoded dot-dot (%2E%2E) i...

CVSS: 7.8, AI score: 6.6, EPSS: 0.02491
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2006/07/12 9:0 p.m., 22 views

CVE-2006-3534

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content"...

AI score: 6.5, EPSS: 0.02491
Exploits: 1, References: 7
Cvelist
added 2006/07/12 9:0 p.m., 18 views

CVE-2006-3535

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534...

AI score: 6.5, EPSS: 0.03975
Exploits: 1, References: 6
Check Point Advisories
added 2006/03/26 12:0 a.m., 3 views

Update Protection against SHOUTcast Format String Vulnerability

SHOUTcast is Nullsoft's streaming audio system for Linux and Microsoft Windows platforms. A format string vulnerability was reported in SHOUTcast. A malicious attacker with the ability to send a formatted URL request to the SHOUTcast server may be able to execute arbitrary code on the target syst...

CVSS: 7.5, AI score: 7, EPSS: 0.70066
Exploits: 8
Prion
added 2006/02/23 9:2 p.m., 16 views

Stack overflow

Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file...

CVSS: 7.6, AI score: 8.2, EPSS: 0.10305
Exploits: 5, References: 7, Affected Software: 1