Peter Kosinar

**Name of the Vulnerable Software and Affected Versions** Nullsoft SHOUTcast DSP versions prior to 1.9.6 **Description** The issue allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". This is due to a directory traversal vulnerability that does not properly filter directory traversal sequences before decoding. **Recommendations** For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/content" directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nullsoft SHOUTcast DSP versions prior to 1.9.7 **Description** A directory traversal issue allows remote attackers to read arbitrary files. The attack vectors are a slight variation of a previously known issue. **Recommendations** For versions prior to 1.9.7, update to version 1.9.7 or later to resolve the issue.