6 matches found
Design/Logic Flaw
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " quote followed by command line switches in a 1 irc:///, 2 irc6:///, 3 ircs:///, or 4 and ircs6:/// URI. NOTE: this might be due to an incomplete fix for...
Gentoo Security Advisory GLSA 200709-02 (kvirc)
The remote host is missing updates announced in advisory GLSA 200709-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE 10 Security Update : kvirc (kvirc-3953)
A bug in the IRC-URI parser allowed attackers to execute arbitrary commands by tricking a user into opening a specially crafted URI in kvirc CVE-2007-2951. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
KVIrc irc:// URI处理器远程命令注入漏洞
BUGTRAQ ID: 24652 CVECAN ID: CVE-2007-2951 KVIrc是一款免费的可移植IRC客户端。 KVIrc客户端在处理“irc://”协议串时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行命令。 KVIrc客户端的src/kvirc/kernel/kviircurl.cpp文件中的parseIrcUrl函数在为KVIrc的内部脚本系统构建命令时没有正确过滤部分URI,如果用户受骗打开了特制的irc://或类似的URI(如irc6://)的话,就会导致注入并执行KVIrc脚本系统命令。成功攻击要求KVIrc是irc://或类似URI的默认处理器。...
[Full-disclosure] Secunia Research: KVIrc irc:// URI Handler Command Execution Vulnerability
====================================================================== Secunia Research 26/06/2007 - KVIrc irc:// URI Handler Command Execution Vulnerability - ====================================================================== Table of Contents Affected...
CVE-2007-2951
The parseIrcUrl function in src/kvirc/kernel/kviircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an 1 irc:// or 2 irc6:// URI...