CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.

• http://osvdb.org/42073
• http://secunia.com/advisories/27556
• http://www.securityfocus.com/archive/1/483350/100/0/threaded
• http://www.securityfocus.com/bid/26372
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149
• http://osvdb.org/42061
• http://secunia.com/advisories/27463
• http://secunia.com/advisories/31180
• http://secunia.com/advisories/34870
• http://security.gentoo.org/glsa/glsa-200807-12.xml
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737
• http://www.securityfocus.com/bid/26326
• http://www.vupen.com/english/advisories/2007/3714
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38262
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 10.0 | EPSS: 2% | CPEs: 1 | EXPL: 1

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

• https://www.exploit-db.com/exploits/4321
• http://osvdb.org/37480
• http://secunia.com/advisories/26578
• http://secunia.com/advisories/31180
• http://secunia.com/advisories/34870
• http://security.gentoo.org/glsa/glsa-200807-12.xml
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737
• http://www.securityfocus.com/bid/25462
• http://www.vupen.com/english/advisories/2007/2994
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36306
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 1% | CPEs: 1 | EXPL: 1

hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.

• https://www.exploit-db.com/exploits/4087
• http://osvdb.org/37479
• http://secunia.com/advisories/25759
• http://secunia.com/advisories/34870
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737
• http://www.securityfocus.com/bid/24579
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34969

CVSS: 5.0 | EPSS: 4% | CPEs: 4 | EXPL: 4

BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.

• https://www.exploit-db.com/exploits/22259
• http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003850.html
• http://securityreason.com/securityalert/3279
• http://www.linuxsecurity.com/content/view/104622/104
• http://www.securityfocus.com/archive/1/312133
• http://www.securityfocus.com/bid/6880
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11363
• CWE-20: Improper Input Validation