4 results (0.005 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. La función e_hostname en commands.c en BitchX 1.1a permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico sobre archivos temporales cuando se utiliza el comando (1) HOSTNAME o (2) IRCHOST. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149 http://osvdb.org/42061 http://secunia.com/advisories/27463 http://secunia.com/advisories/31180 http://secunia.com/advisories/34870 http://security.gentoo.org/glsa/glsa-200807-12.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737 http://www.securityfocus.com/bid/26326 http://www.vupen.com/english/advisories/2007/3714 https://exchange.xforce.ibmcloud.com/vulnerabilities/38262 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable. Desbordamiento de búfer basado en pila en BitchX 1.1 Final permite a servidores IRC remotos ejecutar código de su elección mediante una cadena larga en un comando MODE, relacionado con la variable p_mode. • https://www.exploit-db.com/exploits/4321 http://osvdb.org/37480 http://secunia.com/advisories/26578 http://secunia.com/advisories/31180 http://secunia.com/advisories/34870 http://security.gentoo.org/glsa/glsa-200807-12.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737 http://www.securityfocus.com/bid/25462 http://www.vupen.com/english/advisories/2007/2994 https://exchange.xforce.ibmcloud.com/vulnerabilities/36306 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1

hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. hook.c de BitchX 1.1-final permite a servidores IRC remotos ejecutar comandos de su elección al enviar determinados datos cliente conteniendo cadenas NICK y EXEC, que exceden los límites de una tabla hash, e inyecta una función de enganche que recibe y ejecuta comandos de consola. • https://www.exploit-db.com/exploits/4087 http://osvdb.org/37479 http://secunia.com/advisories/25759 http://secunia.com/advisories/34870 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737 http://www.securityfocus.com/bid/24579 https://exchange.xforce.ibmcloud.com/vulnerabilities/34969 •

CVSS: 5.0EPSS: 4%CPEs: 4EXPL: 4

BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. • https://www.exploit-db.com/exploits/22259 http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003850.html http://securityreason.com/securityalert/3279 http://www.linuxsecurity.com/content/view/104622/104 http://www.securityfocus.com/archive/1/312133 http://www.securityfocus.com/bid/6880 https://exchange.xforce.ibmcloud.com/vulnerabilities/11363 • CWE-20: Improper Input Validation •