Nullsoft

nullsoft

76 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Nullsoft Scriptable Install System

nullsoft_scriptable_install_system

CVEs (76)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-3228 1Nullsoft 1Winamp Apr 16, 2026 Jun 26, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
CVE-2006-3007 1Nullsoft 1Shoutcast Server Apr 16, 2026 Jun 13, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.
CVE-2006-0720 1Nullsoft 1Winamp Apr 16, 2026 Feb 23, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncp...Show more Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.Show less
CVE-2006-0708 1Nullsoft 1Winamp Apr 16, 2026 Feb 15, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long...Show more Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.Show less
CVE-2006-0476 1Nullsoft 1Winamp Apr 16, 2026 Jan 31, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVE-2005-3188 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 7.6 HIGH· v2 Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a diffe...Show more Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.Show less
CVE-2005-2310 1Nullsoft 1Winamp Apr 16, 2026 Jul 19, 2005 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
CVE-2004-1119 1Nullsoft 1Winamp Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
CVE-2004-2384 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
CVE-2004-1896 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.6 HIGH· v2 Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
CVE-2004-1396 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 2.6 LOW· v2 Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .n...Show more Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.Show less
CVE-2004-1150 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a...Show more Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.Show less
CVE-2004-1373 1Nullsoft 1Shoutcast Server Apr 16, 2026 Dec 23, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the fil...Show more Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.Show less
CVE-2004-0820 1Nullsoft 1Winamp Apr 16, 2026 Aug 28, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
CVE-2003-1274 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
CVE-2003-1273 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
CVE-2003-1272 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: ar...Show more Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.Show less
CVE-2003-1174 1Nullsoft 1Shoutcast Server Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
CVE-2003-0765 1Nullsoft 1Winamp Apr 16, 2026 Sep 17, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
CVE-2002-1470 1Nullsoft 1Shoutcast Server Apr 16, 2026 Apr 22, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.

Previous 1 234 Next