10 matches found
CVE-2002-1470
SHOUTcast 1.8.9 and earlier is affected. A local attacker can obtain the cleartext administrative password by issuing a GET request to port 8001, which causes the password to be written to the world-readable sc_serv.log file. This exposes credentials via local access and file exposure. No remedia...
CVE-2001-1304
Summary: CVE-2001-1304 affects SHOUTcast Server 1.8.2, where a buffer overflow in handling HTTP headers (user-agent or host) can cause a remote DoS (crash). This is supported by multiple sources (CVE entry, OpenVAS/Nessus plugins) that identify the vulnerability as a denial-of-service triggered b...
CVE-2006-3007
SHOUTcast 1.9.5 is affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary HTML or script via the DJ fields Description, URL, Genre, AIM, and ICQ. The core issue is input sanitization in these fields, enabling HTML/script injection on the client side. OpenVAS and ...
CVE-2004-1373
CVE-2004-1373 describes a format-string vulnerability in SHOUTcast 1.9.4 where a specially crafted filename in a URL can cause a crash or remote code execution. Multiple public sources (Metasploit module, Exploit-DB, and vendor/OpenVAS advisories) corroborate remote code execution and denial of s...
CVE-1999-1561
Technical details about CVE-1999-1561 are not publicly provided in the supplied documents. Monitor for updates from official advisories; no concrete affected products, versions, or fixes are present here.
CVE-2002-0199
The CVE-2002-0199 entry concerns Nullsoft Shoutcast Server 1.8.3 and specifically the admin.cgi component. The vulnerability is a buffer overflow triggered by an argument containing a large number of backslashes, allowing a remote attacker to cause a denial of service and, per some sources, poten...
CVE-2007-1229
CVE-2007-1229 affects the Nullsoft Shoutcast Server 1.9.7. The vulnerability is a cross-site scripting (XSS) in the web administrator interface when viewing the log file, triggered via the top-level URI on the Incoming interface (port 8001/tcp). The root cause is improper handling of the top-leve...
CVE-2006-3534
The SHOUTcast DSP server is affected by two CVEs: CVE-2006-3534 (pre-1.9.6) and CVE-2006-3535 (pre-1.9.7). The underlying issue is a directory traversal filter bug that decodes input after treating encoded sequences, enabling remote attackers to read arbitrary files via encoded dot-dot (%2E%2E) i...
CVE-2002-0907
CVE-2002-0907 affects SHOUTcast servers (notably 1.8.9 and other versions prior to 1.8.12). The issue is a buffer overflow triggered by a long value in a header starting with icy-, allowing a remote authenticated DJ to execute arbitrary code on the server. The available data do not describe explo...
CVE-2003-1174
Technical details about CVE-2003-1174 are not publicly available in the provided documents. Monitor for updates from official advisories.