CVE-2009-2658

ZNC < 0.072 - Unauthenticated Path Traversal and Arbitrary File Write via DCC SEND Request

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.

References (7)

Core 7
Core References
Various Sources x_refsource_confirm
http://en.znc.in/w/index.php?title=ZNC&oldid=3209#WARNING
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/07/21/5
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00965.html
Patch, Vendor Advisory x_refsource_confirm
http://en.znc.in/wiki/ChangeLog/0.072
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35916
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1848

Scores

EPSS 0.0292
EPSS Percentile 85.3%

Details

CWE
CWE-22
Status published
Products (13)
znc/znc 0.044
znc/znc 0.045
znc/znc 0.047
znc/znc 0.052
znc/znc 0.054
znc/znc 0.056
znc/znc 0.058
znc/znc 0.060
znc/znc 0.062
znc/znc 0.064
... and 3 more
Published Aug 04, 2009
Tracked Since Feb 18, 2026