BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.
Max CVSS
5.0
EPSS Score
4.96%
Published
2003-12-31
Updated
2017-07-29
hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.
Max CVSS
9.3
EPSS Score
1.91%
Published
2007-06-22
Updated
2017-10-11
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
Max CVSS
10.0
EPSS Score
2.12%
Published
2007-08-29
Updated
2017-09-29
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-11-06
Updated
2017-07-29
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.
Max CVSS
5.0
EPSS Score
0.33%
Published
2007-11-10
Updated
2018-10-15
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!