Lucene search
K

180 matches found

Cvelist
Cvelist
added 2003/04/02 5:0 a.m.26 views

CVE-2002-0006

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variabl...

7.7AI score0.08087EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2002/08/05 9:4 p.m.7 views

Important: Red Hat Security Advisory: xchat security update

A security issue in XChat allows a malicious server to execute arbitrary commands. XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IRC server when a /dns query is executed. Because XChat resolves hostnames by passing the configured...

7.5CVSS6AI score0.02391EPSS
Exploits0References2
NVD
NVD
added 2002/06/25 4:0 a.m.21 views

CVE-2002-0006

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variabl...

7.5CVSS7.7AI score0.08087EPSS
Exploits0References7
NVD
NVD
added 2002/06/25 4:0 a.m.12 views

CVE-2002-0382

XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters...

7.5CVSS7.8AI score0.02391EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2002/06/04 7:9 p.m.8 views

Important: Red Hat Security Advisory: : : : Updated xchat packages fix "/dns" vulnerability

A security vulnerability in XChat allows a malicious server to execute arbitrary commands. Updated 11 July 2003 Added packages for Red Hat Linux on IBM iSeries and pSeries systems. XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IR...

7.5CVSS5.9AI score0.02391EPSS
Exploits0References1
securityvulns
securityvulns
added 2002/03/28 12:0 a.m.34 views

Xchat /dns command execution vulnerability

Xchat - Remote command execution name : Xchat date : 27/3/2002 description : Xchat is a graphical IRC client widely used in the linux and bsd community severity : Low risk homepage : www.xchat.org versions : probably all Bug description : There is an issue by the way xchat handle the /exec comman...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2002/03/28 12:0 a.m.35 views

Command execution in XChat

During call to external program DNS name of remote host is used withot stripping of shell characters...

3.6AI score
Exploits0References1Affected Software1
Debian
Debian
added 2002/01/12 11:46 a.m.43 views

[SECURITY] [DSA 099-1] New XChat packages fix potential IRC session hijacking

Attachment: pgpZ3fmunBQVe.pgp Description: PGP message...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2002/01/10 12:0 a.m.37 views

Отправка команд от имени пользователя IRC в XChat (session hijacking)

При ответе на команду ping копируются посланные данные без проверки их содержимого, что может привести к выполнению команды...

0.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/01/10 12:0 a.m.26 views

xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)

========================================================================== ======= xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability ======== ========================================================================== It is possible to trick xchat IRC clients 1.4.2, 1.4.3 into sending...

0.3AI score
Exploits0
NVD
NVD
added 2001/10/18 4:0 a.m.13 views

CVE-2001-0792

Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname...

7.5CVSS7.6AI score0.02818EPSS
Exploits1References2
NVD
NVD
added 2000/10/20 4:0 a.m.13 views

CVE-2000-0787

IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser...

7.5CVSS7.7AI score0.09211EPSS
Exploits0References5
CVE
CVE
added 2000/10/13 4:0 a.m.45 views

CVE-2000-0787

The CVE covers the IRC XChat client (versions ≤ 1.4.2). It describes a remote command execution where shell metacharacters embedded in a URL, used by XChat to launch a browser, can be exploited. The NVD notes a high impact (CVSS v2 base score 7.5) with network access and no authentication require...

7.5CVSS8.1AI score0.09211EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.20 views

CVE-2000-0787

IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser...

7.7AI score0.09211EPSS
Exploits0References5
Slackware Linux
Slackware Linux
added 2000/09/13 4:58 p.m.15 views

: xchat input validation bug fixed

An input validation bug was found to affect Slackware Linux 7.0, 7.1, and -current. The problem is described in detail at this site: http://www.securityfocus.com/bid/1601 Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the xchat.tgz package available in the Slackware -current...

6.9AI score
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2000/09/13 12:0 a.m.5 views

FreeBSD-SA-00:48.xchat

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:48 Security Advisory FreeBSD, Inc. Topic: xchat port inappropriately handles URLs Category: ports Module: xchat, xchat-devel Announced: 2000-09-13 Affects: Ports...

6AI score
Exploits0
Debian
Debian
added 2000/08/30 2:36 p.m.1 views

[SECURITY] New version of xchat released (update)

Package : xchat Problem type : remote exploit Debian-specific: no The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shel...

5.9AI score
Exploits0
Debian
Debian
added 2000/08/30 2:22 p.m.2 views

[SECURITY] New version of xchat released

Package : xchat Problem type : remote exploit Debian-specific: no The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shel...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2000/08/18 12:0 a.m.52 views

XChat URL handler vulnerabilty

Email was sent to [email protected] the author of xchat and after over a week, I have received no reply. So here it is... the advisory. zen-parse - blinking since 1992 or mebe earlier X X CC H H AA TTTTT X X C C H H A A T X C HHHH AAAA T X X C C H H A A T X X CC H H A A T Hole: backticked commands...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2000/08/18 12:0 a.m.25 views

Дырка в xchat

Не комментируются shell-символы в запросе пользователя, что делает возможным выполнение кода на сервере...

0.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder