This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Znc First view 2009-03-03
Product Znc Last view 2019-11-12
Version 0.060 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:znc:znc

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2019-11-12 CVE-2010-2488

NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.

8.8 2019-06-15 CVE-2019-12816

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

6.5 2019-03-27 CVE-2019-9917

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

5.3 2018-07-14 CVE-2018-14056

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

6.5 2018-07-14 CVE-2018-14055

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

4 2014-12-19 CVE-2014-9403

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

3.5 2010-07-12 CVE-2010-2448

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

7.5 2009-08-04 CVE-2009-2658

Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.

6.5 2009-03-03 CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

CWE : Common Weakness Enumeration

%idName
28% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
28% (2) CWE-20 Improper Input Validation
14% (1) CWE-476 NULL Pointer Dereference
14% (1) CWE-264 Permissions, Privileges, and Access Controls
14% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
66236 Debian ZNC znc.cpp Traffic Statistics Processing NULL Dereference Remote DoS
56184 ZNC DCC Send Command Traversal Arbitrary File Upload
52295 ZNC Webadmin Module znc.conf QuitMessage Field Security Restriction Bypass

OpenVAS Exploits

id Description
2010-06-21 Name : ZNC NULL Pointer Dereference Denial Of Service Vulnerability
File : nvt/gb_znc_40982.nasl
2009-09-15 Name : Gentoo Security Advisory GLSA 200909-17 (znc)
File : nvt/glsa_200909_17.nasl
2009-08-17 Name : Debian Security Advisory DSA 1848-1 (znc)
File : nvt/deb_1848_1.nasl
2009-07-29 Name : Fedora Core 10 FEDORA-2009-7937 (znc)
File : nvt/fcore_2009_7937.nasl
2009-07-29 Name : Fedora Core 11 FEDORA-2009-7952 (znc)
File : nvt/fcore_2009_7952.nasl
2009-03-20 Name : Debian Security Advisory DSA 1735-1 (znc)
File : nvt/deb_1735_1.nasl
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-03-07 Name : Gentoo Security Advisory GLSA 200903-02 (znc)
File : nvt/glsa_200903_02.nasl

Nessus® Vulnerability Scanner

id Description
2018-07-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201807-03.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4252.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_c6d1a8a68a9111e8be4d005056925db4.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1427.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-845.nasl - Type: ACT_GATHER_INFO
2015-01-09 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-013.nasl - Type: ACT_GATHER_INFO
2014-12-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-31.nasl - Type: ACT_GATHER_INFO
2010-07-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2069.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10042.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10078.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10082.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1848.nasl - Type: ACT_GATHER_INFO
2009-09-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200909-17.nasl - Type: ACT_GATHER_INFO
2009-07-24 Name: The remote Fedora host is missing a security update.
File: fedora_2009-7937.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1735.nasl - Type: ACT_GATHER_INFO
2009-03-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200903-02.nasl - Type: ACT_GATHER_INFO