Debian reported:
Steve Kemp discovered two vulnerabilities in gnump3d, a streaming
server for MP3 and OGG files. The Common Vulnerabilities and
Exposures Project identifies the following problems:
CVE-2005-3122
The 404 error page does not strip malicious javascript content
from the resulting page, which would be executed in the victims
browser.
CVE-2005-3123
By using specially crafting URLs it is possible to read arbitary
files to which the user of the streaming server has access to.