CVE-2006-3534

Name of the Vulnerable Software and Affected Versions Nullsoft SHOUTcast DSP versions prior to 1.9.6

Description The issue allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". This is due to a directory traversal vulnerability that does not properly filter directory traversal sequences before decoding.

Recommendations For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/content" directory to minimize the risk of exploitation.