
CVE-2018-18820 – Gentoo Linux Security Advisory 201811-09
https://notcve.org/view.php?id=CVE-2018-18820
04 Nov 2018 — A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. • https://github.com/impulsiveness/CVE-2018-18820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-3026 – Debian Security Advisory 3239-1
https://notcve.org/view.php?id=CVE-2015-3026
29 Apr 2015 — Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163859.html •

CVE-2014-9091 – Gentoo Linux Security Advisory 201412-38
https://notcve.org/view.php?id=CVE-2014-9091
10 Dec 2014 — Icecast before 2.4.0 does not change the supplementary group privileges when

CVE-2014-9018 – Mandriva Linux Security Advisory 2014-231
https://notcve.org/view.php?id=CVE-2014-9018
27 Nov 2014 — Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensiti... • http://icecast.org/news/icecast-release-2_4_1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2011-4612
https://notcve.org/view.php?id=CVE-2011-4612
20 Nov 2012 — Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090668.html • CWE-20: Improper Input Validation •

CVE-2005-0837
https://notcve.org/view.php?id=CVE-2005-0837
22 Mar 2005 — IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). • http://secunia.com/advisories/14644 •

CVE-2004-1561 – Icecast 2.0.1 (Win32) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-1561
31 Dec 2004 — Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. • https://www.exploit-db.com/exploits/568 •

CVE-2004-0781
https://notcve.org/view.php?id=CVE-2004-0781
14 Sep 2004 — Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter. • http://www.debian.org/security/2004/dsa-541 •

CVE-2004-2027
https://notcve.org/view.php?id=CVE-2004-2027
10 May 2004 — Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. • http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0378.html •

CVE-2002-1982 – icecast server 1.3.12 - Directory Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2002-1982
31 Dec 2002 — Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not. • https://www.exploit-db.com/exploits/21602 •