This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Znc
Product Znc
Version 0.092
Type Application
First view 2010-08-17
Last view 2019-06-15
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:znc:znc

Activity : Overall

Related : CVE

CVSS Date Alert Description
8.8 2019-06-15 CVE-2019-12816

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

6.5 2019-03-27 CVE-2019-9917

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

5.3 2018-07-14 CVE-2018-14056

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

6.5 2018-07-14 CVE-2018-14055

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

4 2014-12-19 CVE-2014-9403

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

5 2010-08-17 CVE-2010-2934

Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls."

5 2010-08-17 CVE-2010-2812

Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument.

CWE : Common Weakness Enumeration

% id Name
60% (3) CWE-20 Improper Input Validation
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Open Source Vulnerability Database (OSVDB)

id Description
67164 ZNC Multiple Unspecified substr() Exception Remote DoS
67163 ZNC Malformed PING Command Remote DoS

OpenVAS Exploits

id Description
2010-12-02 Name : Fedora Update for znc FEDORA-2010-13038
File : nvt/gb_fedora_2010_13038_znc_fc14.nasl
2010-08-13 Name : Fedora Update for znc FEDORA-2010-12468
File : nvt/gb_fedora_2010_12468_znc_fc12.nasl
2010-08-13 Name : Fedora Update for znc FEDORA-2010-12481
File : nvt/gb_fedora_2010_12481_znc_fc13.nasl
2010-08-13 Name : ZNC Multiple Denial Of Service Vulnerabilities
File : nvt/gb_znc_42314.nasl

Nessus® Vulnerability Scanner

id Description
2018-07-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201807-03.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4252.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_c6d1a8a68a9111e8be4d005056925db4.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1427.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-845.nasl - Type: ACT_GATHER_INFO
2015-01-09 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-013.nasl - Type: ACT_GATHER_INFO
2014-12-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-31.nasl - Type: ACT_GATHER_INFO
2010-08-19 Name: The remote Fedora host is missing a security update.
File: fedora_2010-13038.nasl - Type: ACT_GATHER_INFO
2010-08-12 Name: The remote Fedora host is missing a security update.
File: fedora_2010-12468.nasl - Type: ACT_GATHER_INFO
2010-08-12 Name: The remote Fedora host is missing a security update.
File: fedora_2010-12481.nasl - Type: ACT_GATHER_INFO