
Files

iceexec.rar
Posted Oct 7, 2004
Site delikon.de

Remote proof of concept exploit for Icecast versions 2.0.1 and below on win32 that downloads NCAT from elitehaven.net and spawns a shell on port 9999.

tags | exploit, remote, shell, proof of concept
systems | windows
SHA-256 | 79cf3f920b0cea39a5d66a27f360516678f853ec3ca8c9e63debfaa00a9a1212

Related Files

Gentoo Linux Security Advisory 201811-09
Posted Nov 12, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-9 - A vulnerability in Icecast might allow remote attackers to execute arbitrary code. Versions less than 2.4.4 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-18820
SHA-256 | 3241bea946c691630292185b640f810fdacb266bcec44fdc6b8caa57008630b6

Debian Security Advisory 4333-1
Posted Nov 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4333-1 - Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-18820
SHA-256 | 94c5a5fd9c51d4d6a65522666a09a4f779b7126c102bd80e5b93cd85109cd8a4

Gentoo Linux Security Advisory 201508-03
Posted Aug 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201508-3 - A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition. Versions less than 2.4.2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-3026
SHA-256 | 7d860a37ca2e6eb7705507bfb6605db340741515e8d65938618a23309044f202

Debian Security Advisory 3239-1
Posted Apr 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3239-1 - Juliane Holzt discovered that Icecast2, a streaming media server, could dereference a NULL pointer when URL authentication is configured and the stream_auth URL is triggered by a client without setting any credentials. This could allow remote attackers to cause a denial of service (crash).

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-3026
SHA-256 | 4a3db4dabf12e50966deed1f99fdeeca7e0401d11acb6dd03eea93d80cf91dae

Gentoo Linux Security Advisory 201412-38
Posted Dec 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-38 - Two vulnerabilities have been found in Icecast, possibly resulting in privilege escalation or disclosure of information. Versions less than 2.4.1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9018, CVE-2014-9091
SHA-256 | 45288fcccaac3340b88c071b9f3a08de2a6ec22c780f5e3dc45df0cf3fec6c74

Mandriva Linux Security Advisory 2014-231
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-231 - Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to clients.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9018
SHA-256 | 869d8835249b0bad75dd9dcc9c0d9d0bab22dd39b5771ff84b36c0092d5d8ddf

Mandriva Linux Security Advisory 2013-091
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-091 - Icecast didn't strip newlines from log entries, therefore allowing users to forge log entries.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-4612
SHA-256 | d678e8f696c183eb66fee5d804148e481f6780789c17e07f36a70fc0fe1ced17

Secunia Security Advisory 48192
Posted Mar 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for icecast. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.

tags | advisory
systems | linux, suse
SHA-256 | cdc886b3f145bfa38d0b9898eca17977a5de85b64506c8514411044fa7343c6a

Icecast 2.0.1 Header Overwrite
Posted Nov 26, 2009
Authored by Luigi Auriemma, spoonm | Site metasploit.com

This Metasploit module exploits a buffer overflow in the header parsing of icecast, discovered by Luigi Auriemma. Sending 32 HTTP headers will cause a write one past the end of a pointer array.

tags | exploit, web, overflow
advisories | CVE-2004-1561
SHA-256 | f52566cdec54b398c8bf936c7c78edca800747f33139bbed5058021572328958

Secunia Security Advisory 14644
Posted Mar 22, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Patrick has discovered a vulnerability in Icecast, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | d7e69be3f2c96d33b8e018ae45497e0e122db38b1d81f74cc1c75b2c607168cc

priv8icecast.pl
Posted Oct 7, 2004
Authored by Luigi Auriemma, wsxz | Site Priv8security.com

Remote root exploit for Icecast 2.0.1 on Windows. Makes use of an overflow that allows for remote command execution and provides a nice reverse shell.

tags | exploit, remote, overflow, shell, root
systems | windows
SHA-256 | 8eb4988ca3de0fc8a5f36b206a8e275c4ca45baf3e95a867c8c789929cc342e6

iceexec.zip
Posted Oct 7, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Remote proof of concept exploit for Icecast versions 2.0.1 and below on win32.

tags | exploit, remote, proof of concept
systems | windows
SHA-256 | 23877162b10171c3069e5990b259e3871a135ea9958164a73449b55f471194e1

icecast201.txt
Posted Oct 7, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Icecast versions 2.0.1 and below on win32 suffer from an overflow that allows arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | windows
SHA-256 | 5ae22150ad203ad64e10d7285af8ff3f7150890e9efd2127aaebc2688ddba1e9

dsa-541.txt
Posted Aug 26, 2004
Authored by Debian | Site debian.org

Debian Security Advisory DSA 541-1 - In icecast-server, the UserAgent variable is not properly html_escaped, allowing an attacker to cause the client to execute arbitrary JavaScript commands.

tags | advisory, java, arbitrary
systems | linux, debian
advisories | CVE-2004-0781
SHA-256 | 9daf4bbd5722447c08923b0aa6f406682997d55613d9eb4df95195f4068203c7

icecast.txt
Posted May 13, 2004
Authored by Ned

A vulnerability exists in Icecast 2.x that can cause a denial of service condition.

tags | advisory, denial of service
SHA-256 | 99456ace2fa0f87f2f52c3e000095e321d0e4fa0dd63df8a4290735635761047

icx2.c
Posted Jun 19, 2002
Authored by Bab Boon

Icecast v1.3.11 and below remote root exploit for linux/x86. Binds a shell to port 30464. Tested against SuSE 7.2, Debian 2.2r2, and Slackware 8.0.

Changes: Fixes some issues with the child friendliness of the original exploit.
tags | exploit, remote, shell, x86, root
systems | linux, suse, slackware, debian
SHA-256 | 766b53ac8f37a9dae4525d7da3fbb07b12711f55801b3625d281dc809594f972

FreeBSD-SN-02:02
Posted May 14, 2002
Site freebsd.org

FreeBSD Security Notice for Ports - The following software included with FreeBSD contains security vulnerabilities if it is older than: analog-5.22, radius (several), dnews-5.5h2, ethereal-0.9.3, icecast-1.3.12, dhcp-3.0.1.r8_1, mozilla-1.0.rc1_3,1, mod_python-2.7.8, ntop, p5-SOAP-Lite-0.55, puf-0.93.1, sudo-1.6.6, webalizer-2.1.10, and xpilot-4.5.2.

tags | vulnerability
systems | freebsd
SHA-256 | 90f2ab3fad70ac13ec1a4c3674a6e77efe45260fade23620256769a5c2bda1be

icx.c
Posted Apr 2, 2002
Authored by Bab Boon

Icecast v1.3.11 and below remote root exploit for linux/x86. Binds a shell to port 30464. Tested against SuSE 7.2, Debian 2.2r2, and Slackware 8.0.

tags | exploit, remote, shell, x86, root
systems | linux, suse, slackware, debian
SHA-256 | 15679ffcee48c2b319d6b32319e3a3603c8e5e5f6e3e6fdca3e63eba9856f9bd

FreeBSD Security Advisory 2001.23
Posted Mar 16, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:23 - The icecast port, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.

tags | remote, arbitrary, root, vulnerability
systems | freebsd
SHA-256 | e32a64dc0b3ab0cbabbdccc9b1c5ab6d87888e20dac4061a5944907543de4e36

iss.summary.6.3
Posted Feb 14, 2001
Site xforce.iss.net

ISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, 
win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.

tags | remote, web, arbitrary, cgi, php, vulnerability
systems | cisco, linux, windows, solaris, suse
SHA-256 | cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06ccc

pkc004.txt
Posted Feb 2, 2001
Authored by Cyrax | Site pkcrew.org

PKC Security Advisory #4 - Icecast v1.3.8beta2 and prior contains remotely exploitable format string bugs which allow remote code execution with the UID/GID of the user running Icecast. Includes PKCicecast-ex.c, a remote proof of concept exploit tested against Icecast 1.3.7 on Slackware 7.0 and RedHat 7.0.

tags | exploit, remote, code execution, proof of concept
systems | linux, redhat, slackware
SHA-256 | e62ac68d8ec2c2f6b273d6ca02cdbad6ee67e699ea9de3f5912684ee7cded816

RHSA-2001:004-04.icecast
Posted Jan 25, 2001
Site redhat.com

Red Hat Security Advisory RHSA-2001:004-04 - A remote format string vulnerability in Icecast v1.3.8beta2 allows remote code execution. Icecast 1.3.7 is not vulnerable.

tags | remote, code execution
systems | linux, redhat
SHA-256 | 3f93642683d664439de5c1193de406878913711c80313f610e5f8ab639b1eb95
© 2022 Packet Storm. All rights reserved.
