Lucene search

[email protected]CVE-2008-7070

HistoryAug 25, 2009 - 10:30 a.m.

CVE-2008-7070

2009-08-2510:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

2008

7070

argument injection

vulnerability

kvirc 3.4.2

shiny

remote

execution

arbitrary commands

uri handler

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.

Affected configurations

NVD

Node

kvirckvircMatch3.4.2

CPENameOperatorVersion
kvirc:kvirckvirceq3.4.2

CPE	Name	Operator	Version
kvirc:kvirc	kvirc	eq	3.4.2

References

retrogod.altervista.org/kvirc_342_cmd.html

secunia.com/advisories/32410

www.securityfocus.com/archive/1/498557/100/0/threaded

www.securityfocus.com/bid/32410

exchange.xforce.ibmcloud.com/vulnerabilities/46779

www.exploit-db.com/exploits/7181

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2008-7070

prion2 nvd2 cvelist2 ubuntucve2 debiancve2 openvas4 nessus2 securityvulns2 gentoo1 seebug1 cve1