8 matches found
Debian Security Advisory DSA 1735-1 (znc)
The remote host is missing an update to znc announced via advisory DSA 1735-1. OpenVAS Vulnerability Test $Id: deb17351.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1735-1 znc Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Debian: Security Advisory (DSA-1735-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1735-1 : znc - missing input sanitization
It was discovered that znc, an IRC proxy/bouncer, does not properly sanitize input contained in configuration change requests to the webadmin interface. This allows authenticated users to elevate their privileges and indirectly execute arbitrary commands CVE-2009-0759 . %NASLMINLEVEL 70300 C...
[SECURITY] [DSA 1735-1] New znc packages fix privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1735-1 [email protected] http://www.debian.org/security/ Florian Weimer March 10, 2009 http://www.debian.org/security/faq -...
DSA-1735-1 znc - privilege escalation
Bulletin has no description...
Gentoo Security Advisory GLSA 200903-02 (znc)
The remote host is missing updates announced in advisory GLSA 200903-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2009-0759
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...
CVE-2009-0759
CVE-2009-0759 affects znc, specifically the webadmin interface used to modify znc.conf. The root cause is missing input sanitization in configuration change requests, allowing CRLF injection that can elevate privileges of authenticated users and indirectly execute arbitrary commands. Disclosures ...