Lucene search
K
NullsoftShoutcast Server

10 matches found

CVE
CVE
•added 2003/03/18 5:0 a.m.•90 views

CVE-2002-1470

SHOUTcast 1.8.9 and earlier is affected. A local attacker can obtain the cleartext administrative password by issuing a GET request to port 8001, which causes the password to be written to the world-readable sc_serv.log file. This exposes credentials via local access and file exposure. No remedia...

2.1CVSS6.7AI score0.00477EPSS
CVE
CVE
•added 2002/05/03 4:0 a.m.•84 views

CVE-2001-1304

Summary: CVE-2001-1304 affects SHOUTcast Server 1.8.2, where a buffer overflow in handling HTTP headers (user-agent or host) can cause a remote DoS (crash). This is supported by multiple sources (CVE entry, OpenVAS/Nessus plugins) that identify the vulnerability as a denial-of-service triggered b...

5CVSS6.9AI score0.01932EPSS
CVE
CVE
•added 2006/06/13 10:0 a.m.•63 views

CVE-2006-3007

SHOUTcast 1.9.5 is affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary HTML or script via the DJ fields Description, URL, Genre, AIM, and ICQ. The core issue is input sanitization in these fields, enabling HTML/script injection on the client side. OpenVAS and ...

4.3CVSS5.7AI score0.01528EPSS
CVE
CVE
•added 2005/01/19 5:0 a.m.•53 views

CVE-2004-1373

CVE-2004-1373 describes a format-string vulnerability in SHOUTcast 1.9.4 where a specially crafted filename in a URL can cause a crash or remote code execution. Multiple public sources (Metasploit module, Exploit-DB, and vendor/OpenVAS advisories) corroborate remote code execution and denial of s...

7.5CVSS7.3AI score0.70066EPSS
Web
CVE
CVE
•added 2001/09/12 4:0 a.m.•52 views

CVE-1999-1561

Technical details about CVE-1999-1561 are not publicly provided in the supplied documents. Monitor for updates from official advisories; no concrete affected products, versions, or fixes are present here.

7.2CVSS7.2AI score0.00348EPSS
CVE
CVE
•added 2002/05/03 4:0 a.m.•52 views

CVE-2002-0199

The CVE-2002-0199 entry concerns Nullsoft Shoutcast Server 1.8.3 and specifically the admin.cgi component. The vulnerability is a buffer overflow triggered by an argument containing a large number of backslashes, allowing a remote attacker to cause a denial of service and, per some sources, poten...

7.5CVSS8.1AI score0.03364EPSS
CVE
CVE
•added 2007/03/02 10:0 p.m.•48 views

CVE-2007-1229

CVE-2007-1229 affects the Nullsoft Shoutcast Server 1.9.7. The vulnerability is a cross-site scripting (XSS) in the web administrator interface when viewing the log file, triggered via the top-level URI on the Incoming interface (port 8001/tcp). The root cause is improper handling of the top-leve...

4.3CVSS5.6AI score0.01774EPSS
CVE
CVE
•added 2006/07/12 9:0 p.m.•47 views

CVE-2006-3534

The SHOUTcast DSP server is affected by two CVEs: CVE-2006-3534 (pre-1.9.6) and CVE-2006-3535 (pre-1.9.7). The underlying issue is a directory traversal filter bug that decodes input after treating encoded sequences, enabling remote attackers to read arbitrary files via encoded dot-dot (%2E%2E) i...

7.8CVSS6.6AI score0.02491EPSS
CVE
CVE
•added 2002/08/31 4:0 a.m.•41 views

CVE-2002-0907

CVE-2002-0907 affects SHOUTcast servers (notably 1.8.9 and other versions prior to 1.8.12). The issue is a buffer overflow triggered by a long value in a header starting with icy-, allowing a remote authenticated DJ to execute arbitrary code on the server. The available data do not describe explo...

7.5CVSS7.9AI score0.05634EPSS
CVE
CVE
•added 2005/05/10 4:0 a.m.•40 views

CVE-2003-1174

Technical details about CVE-2003-1174 are not publicly available in the provided documents. Monitor for updates from official advisories.

2.1CVSS6.9AI score0.01157EPSS