Summary
ZNC is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an authenticated attacker to upload and overwrite files on the affected computer. Successful exploits will lead to other attacks.
Versions prior to ZNC 0.072 are vulnerable,
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Captivate Insecure Library Loading Vulnerability
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Windows)