CVE-2014-9091
https://notcve.org/view.php?id=CVE-2014-9091
Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors. Icecast anterior a 2.4.0 no cambia los privilegios de grupo suplementario cuando está configurado, lo que permite a usuarios locales ganar privilegios a través de vectores no especificados. • http://icecast.org/news/icecast-release-2_4_0 http://lists.opensuse.org/opensuse-updates/2014-12/msg00037.html http://seclists.org/oss-sec/2014/q4/794 http://seclists.org/oss-sec/2014/q4/802 https://bugzilla.redhat.com/show_bug.cgi?id=1168146 https://trac.xiph.org/changeset/19137 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-9018
https://notcve.org/view.php?id=CVE-2014-9018
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Icecast anterior a 2.4.1 transmite las salidas de las secuencias de comandos 'on-connect', lo que podría permitir a atacantes remotos obtener información sensible, relacionado con descriptores de ficheros compartidos. • http://icecast.org/news/icecast-release-2_4_1 http://lists.opensuse.org/opensuse-updates/2014-12/msg00038.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:231 http://www.openwall.com/lists/oss-security/2014/11/19/23 http://www.openwall.com/lists/oss-security/2014/11/20/22 http://www.securityfocus.com/bid/71312 https://exchange.xforce.ibmcloud.com/vulnerabilities/98991 https://trac.xiph.org/ticket/2087 https://trac.xiph.org/ticket/2089 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2005-0838 – Icecast 2.x - XSL Parser Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0838
Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag. • https://www.exploit-db.com/exploits/25238 http://securitytracker.com/id?1013475 http://www.securityfocus.com/archive/1/393705 http://www.securityfocus.com/bid/12849 https://exchange.xforce.ibmcloud.com/vulnerabilities/19753 •
CVE-2005-0837
https://notcve.org/view.php?id=CVE-2005-0837
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). • http://secunia.com/advisories/14644 http://securitytracker.com/id?1013475 http://www.securityfocus.com/archive/1/393705 http://www.securityfocus.com/bid/12849 https://exchange.xforce.ibmcloud.com/vulnerabilities/19760 •
CVE-2004-1561 – Icecast 2.0.1 (Win32) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-1561
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. • https://www.exploit-db.com/exploits/568 https://www.exploit-db.com/exploits/573 https://www.exploit-db.com/exploits/16763 https://github.com/ivanitlearning/CVE-2004-1561 https://github.com/thel1nus/CVE-2004-1561-Notes https://github.com/darrynb89/CVE-2004-1561 https://github.com/ratiros01/CVE-2004-1561 http://aluigi.altervista.org/adv/iceexec-adv.txt http://marc.info/?l=bugtraq&m=109640005127644&w=2 http://marc.info/?l=bugtraq&m=109674593230539&w=2 http:/ •