Nullsoft Shoutcast Server — known CVE vulnerabilities
Every CVE whose affected-product data names Nullsoft Shoutcast Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2006-3534 — CVSS 7.8 (high): Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which…
CVE-2004-1373 — CVSS 7.5 (high): Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute…
CVE-2002-0199 — CVSS 7.5 (high): Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute…
CVE-2002-0907 — CVSS 7.5 (high): Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the…
CVE-1999-1561 — CVSS 7.2 (high): Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local…
CVE-2001-1304 — CVSS 5.0 (medium): Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a…
CVE-2007-1229 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or…
CVE-2006-3007 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via…
CVE-2003-1174 — CVSS 2.1 (low): Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long…
CVE-2002-1470 — CVSS 2.1 (low): SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes…