Directory traversal vulnerability in Nullsoft SHOUTcast DSP prior to 1.9.6 filters directory traversal sequences before decoding, which allows remote malicious users to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nullsoft shoutcast server 1.8.3 |
||
nullsoft shoutcast server 1.9.2 |
||
nullsoft shoutcast server 1.8.9 |
||
nullsoft shoutcast server 1.9.4 |
||
nullsoft shoutcast server 1.9.5 |
||
nullsoft shoutcast server 1.7.1 |
||
nullsoft shoutcast server 1.8.2 |
||
nullsoft shoutcast server |