Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2006-3007
Last Modified 07 Mar 2011 09:37:28
Published 13 Jun 2006 06:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3007

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.

Vulnerable Systems

Application

  • Nullsoft Shoutcast Server 1.7.1

  • Nullsoft Shoutcast Server 1.8.3

  • Nullsoft Shoutcast Server 1.8.9

  • Nullsoft Shoutcast Server 1.9.2

  • Nullsoft Shoutcast Server 1.9.4

  • Nullsoft Shoutcast Server 1.9.5


References

VUPEN - ADV-2006-2254

BID - 18376

SECUNIA - 20524

BUGTRAQ - 20060608 bug of script injection in shoutcast servers

XF - shoutcast-djfields-xss(27129)

GENTOO - GLSA-200607-05

SECUNIA - 21005


Last Updated: 27 May 2016 10:42:51