Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
Max CVSS
4.3
EPSS Score
85.48%
Published
2007-03-02
Updated
2018-10-16
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
Max CVSS
7.8
EPSS Score
2.48%
Published
2006-07-12
Updated
2011-03-08
Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.
Max CVSS
4.3
EPSS Score
0.62%
Published
2006-06-13
Updated
2017-07-20

CVE-2004-1373

Public exploit
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
Max CVSS
7.5
EPSS Score
97.16%
Published
2004-12-23
Updated
2017-07-11
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
Max CVSS
7.5
EPSS Score
1.83%
Published
2002-10-04
Updated
2008-09-05
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
Max CVSS
7.5
EPSS Score
2.55%
Published
2002-05-16
Updated
2016-10-18
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
Max CVSS
5.0
EPSS Score
0.25%
Published
2001-08-03
Updated
2008-09-05
Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-08-20
Updated
2008-09-05
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!