CVE-2011-5129 – XChat 2.8.9 - Heap Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2011-5129
Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.
• https://www.exploit-db.com/exploits/18159
• http://packetstormsecurity.org/files/107312/xchat-dos.txt
• http://www.exploit-db.com/exploits/18159
• http://www.osvdb.org/77629
• http://www.securityfocus.com/bid/50820
• http://www.securitytracker.com/id?1027468
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2841 – XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7)
https://notcve.org/view.php?id=CVE-2008-2841
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
• https://www.exploit-db.com/exploits/5795
• http://forum.xchat.org/viewtopic.php?t=4218
• http://secunia.com/advisories/30695
• http://www.securityfocus.com/bid/29696
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43065
• CWE-94: Improper Control of Generation of Code ('Code Injection')