Vulnerabilities for 'Bitchx'

2007-11-09
 
CVE-2007-5922

CWE-200
 

 
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.

 
2007-11-06
 
CVE-2007-5839

CWE-59
 

 
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.

 
2007-08-28
 
CVE-2007-4584

 

 
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

 
2007-06-22
 
CVE-2007-3360

 

 
hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.

 
2003-12-31
 
CVE-2003-1450

 

 
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.

 


Copyright 2024, cxsecurity.com

 
