176 matches found
The vulnerabilities in the LoadModule, GetModInfo, and GetModPathInfo functions from src/Modules.cpp of the client disconnection mechanism from the IRC server or the selected channel allow a malicious user to elevate their privileges and execute arbitrary code.
The vulnerabilities of the LoadModule, GetModInfo, and GetModPathInfo functions in src/Modules.cpp, which allow for disabling clients from connecting to IRC servers or the selected channel, are related to a lack of mechanism for controlling user privileges. Exploiting these vulnerabilities could...
[ASA-201907-1] irssi: arbitrary code execution
Arch Linux Security Advisory ASA-201907-1 ========================================= Severity: High Date : 2019-07-01 CVE-ID : CVE-2019-13045 Package : irssi Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-999 Summary ======= The package irssi before version...
CVE-2018-7050
A NULL pointer dereference was found in Irssi when an "empty" nick joins a channel. A remote attacker, who can control an IRC server, could crash IRC clients by leveraging this vulnerability...
CVE-2018-7053
A use-after-free was found in the way Irssi, version 0.8.18 and later, handled out of order SASL messages sent by an IRC server. A remote attacker, who controls an IRC server, could crash the application by exploiting this flaw...
Updated irssi packages fix security vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2018-5205. Joseph Bisch discovered that...
Ubuntu 14.04 LTS / 16.04 LTS : Irssi vulnerabilities (USN-3527-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3527-1 advisory. Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or openi...
CVE-2017-9468
A null pointer dereference was found in the way irssi handles DCC messages that do not contain a source nick/host. A malicious IRC server could be used to crash an irssi client by sending a specially crafted DCC message...
CVE-2016-7145
The CVE-2016-7145 entry describes a vulnerability in the nefarious2 IRC daemon where the m_authenticate function (ircd/m_authenticate.c) can be abused by remote attackers to spoof certificate fingerprints and log in as another user via a crafted AUTHENTICATE parameter. This is a client-authentica...
Updated irssi-otr packages fix security vulnerability
It was discovered that irssi-otr had a flaw in handing data returned by libotr. After the initiation of the OTR session only the first line was sent as a PRIVMSG, while additional data would be sent as raw commands to the IRC server. The additional data would ordinarily be a human-readable...
Debian DSA-3662-1 : inspircd - security update
It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3662. The text...
DSA-3662-1 inspircd - security update
Bulletin has no description...
Debian DSA-3661-1 : charybdis - security update
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3661. The text...
[SECURITY] [DSA 3661-1] charybdis security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3661-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 06, 2016 https://www.debian.org/security/faq -...
DSA-3661-1 charybdis - security update
Bulletin has no description...
Debian Security Advisory DSA 3661-1 (charybdis - security update)
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. OpenVAS Vulnerability Test $Id: deb3661.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3661-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian: Security Advisory (DSA-3661-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
InspIRCd: Multiple vulnerabilities
Background InspIRCd is a modular Internet Relay Chat IRC server written in C++ which was created from scratch to be stable, modern and lightweight. Description Multiple vulnerabilities have been discovered in InspIRCd. Please review the CVE identifiers referenced below for details. Impact A remot...
CVE-2006-6811
KsIRC 1.3.12 allows remote attackers to cause a denial of service crash via a long PRIVMSG string when connecting to an Internet Relay Chat IRC server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow...
CVE-2007-4584
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable...
Bash: How to open TCP/UDP sockets
How to open TCP/UDP sockets using a built-in feature in Bash ? Bash shell has a built-in feature that allows to open TCP/UDP sockets using a simple syntax. This is very useful when tools like netcat are not installed or we don’t have the permission to use it. The syntax is $ exec...