5 results (0.017 seconds)

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0

CVE-2013-1747

https://notcve.org/view.php?id=CVE-2013-1747

channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. channel.c en ngIRCd v20 y v20.1, permite a atacantes remotos provocar una denegación de servicio (error de aserción y caída) mediante un comando KICK para un usuario que no está en el canal asociado. • http://arthur.barton.de/pipermail/ngircd-ml/2013-February/000623.html http://arthur.barton.de/pipermail/ngircd-ml/2013-February/000625.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101706.html http://ngircd.barton.de/doc/NEWS http://secunia.com/advisories/52982 http://www.osvdb.com/show/osvdb/91836 https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Bh=0e63fb3fa7ac4ca048e8c2b648d2be3fd0572311 •

CVSS: 2.6EPSS: 6%CPEs: 2EXPL: 1

CVE-2009-4652

https://notcve.org/view.php?id=CVE-2009-4652

The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error. Las funciones (1) Conn_GetCipherInfo y (2) Conn_UsesSSL en src/ngircd/conn.c en ngIRCd 13 y 14, cuando el soporte SSL/TLS está presente y activado el modo "standalone", permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) fijando el comando MOTD desde otro servidor en la misma red IRC, posiblemente relativo a un error en la indexación del array. • http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2 http://ngircd.barton.de/doc/ChangeLog http://ngircd.barton.de/doc/NEWS http://secunia.com/advisories/37343 http://www.securityfocus.com/bid/37021 http://www.vupen •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 1

CVE-2008-0285

https://notcve.org/view.php?id=CVE-2008-0285

ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. ngIRCd 0.10.x anterior a 0.10.4 y 0.11.0 anterior a 0.11.0-pre2 permite a atacantes remotos provocar denegación de servicio (caida) a través de un mensaje manipulado IRC PART, el cual dispara una referencía no valída. • http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h http://bugs.gentoo.org/show_bug.cgi?id=204834 http://ngircd.barton.de/doc/ChangeLog http://secunia.com/advisories/28425 http://secunia.com/advisories/28673 http://security.gentoo.org/glsa/glsa-200801-13.xml http://www.securityfocus.com/bid/27318 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0

CVE-2007-6062

https://notcve.org/view.php?id=CVE-2007-6062

irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. El archivo irc-channel.c en ngIRCd versiones anteriores a 0.10.3, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de un comando JOIN sin un argumento de canal. • http://arthur.barton.de/pipermail/ngircd-ml/2007-July/000292.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451875 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10%3Bfilename=90-remote-vulnerability.dpatch%3Batt=1%3Bbug=451875 http://ngircd.barton.de/doc/ChangeLog http://osvdb.org/39295 http://secunia.com/advisories/27692 http://www.securityfocus.com/bid/26489 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3

CVE-2005-0226 – ngIRCd 0.8.2 - Remote Format String

https://notcve.org/view.php?id=CVE-2005-0226

Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/784 http://marc.info/?l=bugtraq&m=110746413108183&w=2 http://secunia.com/advisories/14114 http://www.nosystem.com.ar/advisories/advisory-11.txt http://www.securityfocus.com/bid/12434 •