180 matches found
CVE-2002-0006
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variabl...
Important: Red Hat Security Advisory: xchat security update
A security issue in XChat allows a malicious server to execute arbitrary commands. XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IRC server when a /dns query is executed. Because XChat resolves hostnames by passing the configured...
CVE-2002-0006
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variabl...
CVE-2002-0382
XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters...
Important: Red Hat Security Advisory: : : : Updated xchat packages fix "/dns" vulnerability
A security vulnerability in XChat allows a malicious server to execute arbitrary commands. Updated 11 July 2003 Added packages for Red Hat Linux on IBM iSeries and pSeries systems. XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IR...
Xchat /dns command execution vulnerability
Xchat - Remote command execution name : Xchat date : 27/3/2002 description : Xchat is a graphical IRC client widely used in the linux and bsd community severity : Low risk homepage : www.xchat.org versions : probably all Bug description : There is an issue by the way xchat handle the /exec comman...
Command execution in XChat
During call to external program DNS name of remote host is used withot stripping of shell characters...
[SECURITY] [DSA 099-1] New XChat packages fix potential IRC session hijacking
Attachment: pgpZ3fmunBQVe.pgp Description: PGP message...
Отправка команд от имени пользователя IRC в XChat (session hijacking)
При ответе на команду ping копируются посланные данные без проверки их содержимого, что может привести к выполнению команды...
xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
========================================================================== ======= xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability ======== ========================================================================== It is possible to trick xchat IRC clients 1.4.2, 1.4.3 into sending...
CVE-2001-0792
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname...
CVE-2000-0787
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser...
CVE-2000-0787
The CVE covers the IRC XChat client (versions ≤ 1.4.2). It describes a remote command execution where shell metacharacters embedded in a URL, used by XChat to launch a browser, can be exploited. The NVD notes a high impact (CVSS v2 base score 7.5) with network access and no authentication require...
CVE-2000-0787
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser...
: xchat input validation bug fixed
An input validation bug was found to affect Slackware Linux 7.0, 7.1, and -current. The problem is described in detail at this site: http://www.securityfocus.com/bid/1601 Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the xchat.tgz package available in the Slackware -current...
FreeBSD-SA-00:48.xchat
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:48 Security Advisory FreeBSD, Inc. Topic: xchat port inappropriately handles URLs Category: ports Module: xchat, xchat-devel Announced: 2000-09-13 Affects: Ports...
[SECURITY] New version of xchat released (update)
Package : xchat Problem type : remote exploit Debian-specific: no The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shel...
[SECURITY] New version of xchat released
Package : xchat Problem type : remote exploit Debian-specific: no The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shel...
XChat URL handler vulnerabilty
Email was sent to [email protected] the author of xchat and after over a week, I have received no reply. So here it is... the advisory. zen-parse - blinking since 1992 or mebe earlier X X CC H H AA TTTTT X X C C H H A A T X C HHHH AAAA T X X C C H H A A T X X CC H H A A T Hole: backticked commands...
Дырка в xchat
Не комментируются shell-символы в запросе пользователя, что делает возможным выполнение кода на сервере...