ZNC File Upload Directory Traversal Vulnerability Network Vulnerability

Summary

ZNC is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an authenticated attacker to upload and overwrite files on the affected computer. Successful exploits will lead to other attacks. Versions prior to ZNC 0.072 are vulnerable,

Solution

Updates are available. Please see the references for more information.

References

http://en.znc.in/wiki/ZNC
http://www.securityfocus.com/bid/35757
http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
Adobe Captivate Insecure Library Loading Vulnerability
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe Air Multiple Vulnerabilities - November12 (Windows)

Take action and discover your vulnerabilities