Computer Security
[EN] securityvulns.ru no-pyccku


kvirc IRC client multiple security vulnerabilities
updated since 29.06.2010
Published:14.08.2010
Source:
SecurityVulns ID:10961
Type:remote
Threat Level:
5/10
Description:Directory traversal, format string vulnerability.
Affected:KVIRC : kvirc 4.0
CVE:CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.)
 CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.)
 CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution (14.08.2010)
 documentDEBIAN, [SECURITY] [DSA 2065-1] New kvirc packages fix several vulnerabilities (29.06.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod