Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unrealircd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50784
A buffer overflow in websockets in UnrealIRCd 6.1.0 up to and including 6.1.3 prior to 6.1.4 allows an unauthenticated remote malicious user to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon,...
Unrealircd Unrealircd
2.1
CVSSv2
CVE-2017-13649
UnrealIRCd 4.0.13 and previous versions creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill...
Unrealircd Unrealircd
6.8
CVSSv2
CVE-2016-7144
The m_authenticate function in modules/m_sasl.c in UnrealIRCd prior to 3.2.10.7 and 4.x prior to 4.0.6 allows remote malicious users to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Unrealircd Unrealircd
Unrealircd Unrealircd 4.0.4
Unrealircd Unrealircd 4.0.0
Unrealircd Unrealircd 4.0.5
Unrealircd Unrealircd 4.0.2
Unrealircd Unrealircd 4.0.3.1
Unrealircd Unrealircd 4.0.1
Unrealircd Unrealircd 4.0.3
5
CVSSv2
CVE-2013-7384
UnrealIRCd 3.2.10 prior to 3.2.10.2 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.
Unrealircd Unrealircd 3.2.10
Unrealircd Unrealircd 3.2.10.1
5
CVSSv2
CVE-2013-6413
Use-after-free vulnerability in UnrealIRCd 3.2.10 prior to 3.2.10.2 allows remote malicious users to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL p...
Unrealircd Unrealircd 3.2.10
Unrealircd Unrealircd 3.2.10.1
7.5
CVSSv2
CVE-2010-2075
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote malicious users to execute arbitrary commands.
Unrealircd Unrealircd 3.2.8.1
2 EDB exploits
14 Github repositories
6.8
CVSSv2
CVE-2009-4893
Buffer overflow in UnrealIRCd 3.2beta11 up to and including 3.2.8, when allow::options::noident is enabled, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Unrealircd Unrealircd 3.2.7
Unrealircd Unrealircd 3.2.6
Unrealircd Unrealircd 3.2.5
Unrealircd Unrealircd 3.2.4
Unrealircd Unrealircd 3.2.3
Unrealircd Unrealircd 3.2
Unrealircd Unrealircd 3.2.8
Unrealircd Unrealircd 3.2.2
Unrealircd Unrealircd 3.2.1
5
CVSSv2
CVE-2006-1214
UnrealIRCd 3.2.3 allows remote malicious users to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."
Unreal Unrealircd 3.2.3
1 EDB exploit
5
CVSSv2
CVE-2004-0679
The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote malicious users to use brute force methods to gain other user's IP addresses.
Unreal Unrealircd 3.1.1
Unreal Unrealircd 3.1.3
Unreal Unrealircd 3.2
Unreal Unrealircd 3.2 .0 Beta 10
6.4
CVSSv2
CVE-2002-1675
Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers.
Unreal Unrealircd 3.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started