- EPSS 0.34%
- Published 10.11.2007 02:46:00
- Last modified 09.04.2025 00:30:58
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed addr...
CVE-2007-5839
- EPSS 0.03%
- Published 06.11.2007 19:46:00
- Last modified 09.04.2025 00:30:58
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
- EPSS 4.63%
- Published 29.08.2007 01:17:00
- Last modified 09.04.2025 00:30:58
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
CVE-2007-3360
- EPSS 6.86%
- Published 22.06.2007 18:30:00
- Last modified 09.04.2025 00:30:58
hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and execut...
- EPSS 9.4%
- Published 31.12.2003 05:00:00
- Last modified 03.04.2025 01:03:51
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.