Design/Logic Flaw

Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...

CVE-2015-9268

Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...

DEBIAN-CVE-2015-9267

Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...

DEBIAN-CVE-2015-9268

Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...

UBUNTU-CVE-2015-9268

Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...

CVE-2015-9267

Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...

CVE-2015-9267

Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...

KMPlayer .nsv Denial of Service Vulnerability

KMPlayer is a video player developed by the KMPlayer team for the Linux and UNIX operating systems. The player uses Mplayer, Xine and GStreamer as decoding backends, and is one of the components of KDE. A denial of service vulnerability exists in KMPlayer .nsv version 4.2.2.4. A remote attacker c...

KMPlayer 4.2.2.4 - Denial of Service Exploit

Exploit for windows platform in category dos / poc ! /usr/bin/perl Exploit Title: KMPlayer .nsv Denial of Service Date: 2017-11-22 Exploit Author: R.Yavari Version: v4.2.2.4 Tested on: Windows 10 , Windows 7 other version should be affected NSV is Streaming video container format developed by...

KMPlayer 4.2.2.4 - Denial of Service

KMPlayer 4.2.2.4 - Denial of Service ! /usr/bin/perl Exploit Title: KMPlayer .nsv Denial of Service Date: 2017-11-22 Exploit Author: R.Yavari Version: v4.2.2.4 Tested on: Windows 10 , Windows 7 other version should be affected NSV is Streaming video container format developed by Nullsoft; used fo...

KMPlayer 4.2.2.4 - Denial of Service

!/usr/bin/perl Exploit Title: KMPlayer .nsv Denial of Service Date: 2017-11-22 Exploit Author: R.Yavari Version: v4.2.2.4 Tested on: Windows 10 , Windows 7 other version should be affected NSV is Streaming video container format developed by Nullsoft; used for streaming video clips over the...

FFmpeg libavformat/nsvdec.c File Resource Management Error Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the libavformat/nsvdec.c file in FFmpeg version 3.3.3, which is caused by the program's failure to adequately detect EOF End of File. A remote attacker ca...

MGASA-2017-0271 Updated mingw-nsis packages fix security vulnerability

The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...

Updated mingw-nsis packages fix security vulnerability

The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...

Taking the FIRST look at Crypt0l0cker

This post is authored by Matthew Molyett.Executive SummaryIn March, Talos reported on the details of Crypt0l0cker based on an extensive analysis I carried out on the sample binaries. Binaries -- plural -- because, as noted in the original blog, the Crypt0l0cker payload leveraged numerous executab...

Nullsoft Shoutcast Server Request Log CrossSite Scripting - Ver2 (CVE-2007-1229)

A cross-site scripting vulnerability has been reported in Nullsoft Shoutcast Server. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

Nullsoft Scriptable Install System Inetc Plugin Security Bypass Vulnerability

Nullsoft Scriptable Install System NSIS is the United States Nullsoft company's set of script-based open source system used to create Windows installer. Inetc Internet client is one of the Internet to provide file upload and download plug-ins. A security vulnerability exists in the Inetc plug-in...

CVE-2015-0941

The Inetc plugin for Nullsoft Scriptable Install System NSIS, as used in CERT/CC Failure Observation Engine FOE and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a craft...

CVE-2015-0941

CVE-2015-0941 : The Inetc plug‑in for NSIS does not validate SSL certificates, enabling MITM attacks that could spoof servers and potentially execute arbitrary code during download of Windows executables. Affected: NSIS Inetc plug‑in (used in FOE and other products). Impact: possible arbitrary co...

Winamp 5.12 (.m3u) - Stack Based Buffer Overflow

No description provided by source. Exploit Title: Winamp 5.12 .m3u stack based buffer overflow Date: 16 June 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://www.winamp.com/ Software Link: http://www.oldapps.com/winamp.php?oldwinamp=211 Version: 5.12 Tested o...