Vulnerabilities > Bitchx

DATE CVE VULNERABILITY TITLE RISK
2007-11-10 CVE-2007-5922 Information Exposure vulnerability in multiple products
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.
network
low complexity
bitchx cypress CWE-200
5.0
2007-11-06 CVE-2007-5839 Link Following vulnerability in Bitchx 1.1A
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
local
low complexity
bitchx CWE-59
4.6
2007-08-29 CVE-2007-4584 Buffer Errors vulnerability in Bitchx 1.1Final
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
network
low complexity
bitchx CWE-119
critical
10.0
2007-06-22 CVE-2007-3360 Remote Buffer Overflow vulnerability in Bitchx 1.1Final
hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.
network
bitchx
critical
9.3
2003-12-31 CVE-2003-1450 Improper Input Validation vulnerability in Bitchx
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.
network
low complexity
bitchx CWE-20
5.0