CVE-2009-2658
ZNC < 0.072 - Unauthenticated Path Traversal and Arbitrary File Write via DCC SEND Request
Title source: llmDescription
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.
References (7)
Core 7
Core References
Various Sources x_refsource_confirm
http://en.znc.in/w/index.php?title=ZNC&oldid=3209#WARNING
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/07/21/5
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00965.html
Product x_refsource_confirm
http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
Patch, Vendor Advisory x_refsource_confirm
http://en.znc.in/wiki/ChangeLog/0.072
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35916
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1848
Scores
EPSS
0.0292
EPSS Percentile
85.3%
Details
CWE
CWE-22
Status
published
Products (13)
znc/znc
0.044
znc/znc
0.045
znc/znc
0.047
znc/znc
0.052
znc/znc
0.054
znc/znc
0.056
znc/znc
0.058
znc/znc
0.060
znc/znc
0.062
znc/znc
0.064
... and 3 more
Published
Aug 04, 2009
Tracked Since
Feb 18, 2026