18 matches found
openSUSE Security Update : znc (openSUSE-2019-571)
This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...
openSUSE Security Update : znc (openSUSE-2018-819)
This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...
openSUSE: Security Advisory for znc (openSUSE-SU-2018:2231-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for znc (moderate)
This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...
Security update for znc (moderate)
This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...
GLSA-201807-03 : ZNC:Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201807-03 ZNC:Multiple Vulnerabilities Multiple vulnerabilities have been discovered in ZNC. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could read arbitary files and esclate...
Debian DSA-4252-1 : znc - security update
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4252. The text itself is...
FreeBSD : znc -- multiple vulnerabilities (c6d1a8a6-8a91-11e8-be4d-005056925db4)
Mitre reports : ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files...
[ASA-201807-11] znc: multiple issues
Arch Linux Security Advisory ASA-201807-11 ========================================== Severity: High Date : 2018-07-19 CVE-ID : CVE-2018-14055 CVE-2018-14056 Package : znc Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-737 Summary ======= The package znc before...
[SECURITY] [DSA 4252-1] znc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4252-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 18, 2018 https://www.debian.org/security/faq -...
Debian DLA-1427-1 : znc security update
It was discovered that there were two issues in znc, a modular IRC bouncer : - There was insufficient validation of lines coming from the network allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. CVE-2018-14055 - A path traversal vulnerability via '../'...
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
CVE-2018-14055
ZNC vulnerability CVE-2018-14055 (and related CVEs) affects ZNC before 1.7.1-rc1, where untrusted network input is not properly validated, allowing a non-admin user to escalate privileges, inject rogue values into znc.conf, and potentially gain shell access. A separate issue (CVE-2018-14056) enab...
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
Debian: Security Advisory (DLA-1427-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...