Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nullsoft vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0284
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
Nullsoft Winamp 2.77
Nullsoft Winamp 2.78
NA
CVE-2002-0546
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote malicious users to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
Nullsoft Winamp 2.79
Nullsoft Winamp 2.78
NA
CVE-2006-0720
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the fi...
Nullsoft Winamp 5.12
Nullsoft Winamp 5.13
1 EDB exploit
NA
CVE-2006-3535
Directory traversal vulnerability in Nullsoft SHOUTcast DSP prior to 1.9.7 allows remote malicious users to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.
Nullsoft Shoutcast Dsp 1.9.5
Nullsoft Shoutcast Dsp 1.9.6
5.5
CVSSv3
CVE-2015-9267
Nullsoft Scriptable Install System (NSIS) prior to 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
Nullsoft Nullsoft Scriptable Install System
Debian Debian Linux 8.0
7.8
CVSSv3
CVE-2015-9268
Nullsoft Scriptable Install System (NSIS) prior to 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
Nullsoft Nullsoft Scriptable Install System
Debian Debian Linux 8.0
NA
CVE-2008-3441
Nullsoft Winamp prior to 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Nullsoft Winamp
NA
CVE-2012-4045
Multiple heap-based buffer overflows in bmp.w5s in Winamp prior to 5.63 build 3235 allow remote malicious users to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an A...
Nullsoft Winamp
NA
CVE-2000-0624
Buffer overflow in Winamp 2.64 and previous versions allows remote malicious users to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
Nullsoft Winamp
1 EDB exploit
NA
CVE-2002-0547
Buffer overflow in the mini-browser for Winamp 2.79 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
Nullsoft Winamp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »