Search criteria
15 vulnerabilities found for kvirc by kvirc
FKIE_CVE-2010-2785
Vulnerability from fkie_nvd - Published: 2010-08-02 20:40 - Updated: 2025-04-11 00:51
Severity ?
Summary
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24A0A10B-8DDC-4C5C-9E71-DE35B5AD4F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A97539C0-DAFD-4187-9A31-93F3AF850588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "CB5277BA-B51B-4086-960A-3351EAB9ACA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37C39663-F342-4115-B3D5-F97D3525A95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6742F39-882E-47E3-A375-B43C7ED771C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D0F8E8D-E1B3-4838-A7E5-9D1678E848CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63A25E20-68DF-4075-95D7-7652A7E2085B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CEC61C-E71C-4B70-B127-26E2DE2BB27F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
},
{
"lang": "es",
"value": "El componente RC Protocol en KVIrc 3.x y 4.x, en versiones anteriores a la r4693, no maneja adecuadamente caracteres \\ (barra invertida), lo que permite a usuarios locales autenticados ejecutar comandos CTCP de su elecci\u00f3n mediante vectores relacionados con secuencias \\r and \\40, una vulnerabilidad diferente a CVE-2010-2451 y CVE-2010-2452."
}
],
"id": "CVE-2010-2785",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-02T20:40:01.560",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40727"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40796"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/66648"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/66648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2452
Vulnerability from fkie_nvd - Published: 2010-06-29 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B05312F-F97D-494C-AE32-47239B49DDCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funcionalidad DCC en KVIrc v3.4 y v4.0 permite a atacantes remotos sobreescribir archivos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-2452",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-29T18:30:01.863",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32410"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40349"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2451
Vulnerability from fkie_nvd - Published: 2010-06-29 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvirc:kvirc:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B05312F-F97D-494C-AE32-47239B49DDCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de formato de cadena en la funcionalidad DCC de KVIrc v3.4 y v4.0, tienen un impacto no especificado y vectores de ataque remoto."
}
],
"id": "CVE-2010-2451",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-29T18:30:01.833",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32410"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40349"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-7070
Vulnerability from fkie_nvd - Published: 2009-08-25 10:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6742F39-882E-47E3-A375-B43C7ED771C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a \" (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de argumento en el gestor de la URI en KVIrc v3.4.2 Shiny permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de \" (comillas) seguidas de switches de linea de comando en la URI (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:///. NOTA: Esto deber\u00eda producirse debido a un arreglo incompleto de CVE-2007-2951."
}
],
"id": "CVE-2008-7070",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-08-25T10:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32410"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7181"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4748
Vulnerability from fkie_nvd - Published: 2008-10-27 20:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en el manejador URI de KVirc v3.4.0, cuando se configura como la aplicaci\u00f3n por defecto para procesar IRC URIs; permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de unos especificadores de formato de cadena en la URI irc://."
}
],
"id": "CVE-2008-4748",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-10-27T20:00:01.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32410"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4508"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31912"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6832"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-2785 (GCVE-0-2010-2785)
Vulnerability from cvelistv5 – Published: 2010-08-02 19:00 – Updated: 2024-08-07 02:46
VLAI?
Summary
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/66648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/66648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=330111",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66648"
},
{
"name": "https://svn.kvirc.de/kvirc/changeset/4693",
"refsource": "CONFIRM",
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40727"
},
{
"name": "https://svn.kvirc.de/kvirc/ticket/858",
"refsource": "CONFIRM",
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2785",
"datePublished": "2010-08-02T19:00:00",
"dateReserved": "2010-07-22T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2452 (GCVE-0-2010-2452)
Vulnerability from cvelistv5 – Published: 2010-06-29 18:00 – Updated: 2024-08-07 02:32
VLAI?
Summary
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-10522",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"refsource": "MLIST",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2452",
"datePublished": "2010-06-29T18:00:00",
"dateReserved": "2010-06-24T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2451 (GCVE-0-2010-2451)
Vulnerability from cvelistv5 – Published: 2010-06-29 18:00 – Updated: 2024-08-07 02:32
VLAI?
Summary
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-10522",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"refsource": "MLIST",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2451",
"datePublished": "2010-06-29T18:00:00",
"dateReserved": "2010-06-24T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7070 (GCVE-0-2008-7070)
Vulnerability from cvelistv5 – Published: 2009-08-25 10:00 – Updated: 2024-08-07 11:56
VLAI?
Summary
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:13.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a \" (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a \" (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/kvirc_342_cmd.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7070",
"datePublished": "2009-08-25T10:00:00",
"dateReserved": "2009-08-24T00:00:00",
"dateUpdated": "2024-08-07T11:56:13.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4748 (GCVE-0-2008-4748)
Vulnerability from cvelistv5 – Published: 2008-10-27 19:00 – Updated: 2024-08-07 10:24
VLAI?
Summary
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:21.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6832",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6832",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6832",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4748",
"datePublished": "2008-10-27T19:00:00",
"dateReserved": "2008-10-27T00:00:00",
"dateUpdated": "2024-08-07T10:24:21.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2785 (GCVE-0-2010-2785)
Vulnerability from nvd – Published: 2010-08-02 19:00 – Updated: 2024-08-07 02:46
VLAI?
Summary
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/66648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/66648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=330111",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66648"
},
{
"name": "https://svn.kvirc.de/kvirc/changeset/4693",
"refsource": "CONFIRM",
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40727"
},
{
"name": "https://svn.kvirc.de/kvirc/ticket/858",
"refsource": "CONFIRM",
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2785",
"datePublished": "2010-08-02T19:00:00",
"dateReserved": "2010-07-22T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2452 (GCVE-0-2010-2452)
Vulnerability from nvd – Published: 2010-06-29 18:00 – Updated: 2024-08-07 02:32
VLAI?
Summary
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-10522",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"refsource": "MLIST",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2452",
"datePublished": "2010-06-29T18:00:00",
"dateReserved": "2010-06-24T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2451 (GCVE-0-2010-2451)
Vulnerability from nvd – Published: 2010-06-29 18:00 – Updated: 2024-08-07 02:32
VLAI?
Summary
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-10522",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"refsource": "MLIST",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2451",
"datePublished": "2010-06-29T18:00:00",
"dateReserved": "2010-06-24T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7070 (GCVE-0-2008-7070)
Vulnerability from nvd – Published: 2009-08-25 10:00 – Updated: 2024-08-07 11:56
VLAI?
Summary
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:13.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a \" (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a \" (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/kvirc_342_cmd.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7070",
"datePublished": "2009-08-25T10:00:00",
"dateReserved": "2009-08-24T00:00:00",
"dateUpdated": "2024-08-07T11:56:13.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4748 (GCVE-0-2008-4748)
Vulnerability from nvd – Published: 2008-10-27 19:00 – Updated: 2024-08-07 10:24
VLAI?
Summary
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:21.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6832",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6832",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6832",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4748",
"datePublished": "2008-10-27T19:00:00",
"dateReserved": "2008-10-27T00:00:00",
"dateUpdated": "2024-08-07T10:24:21.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}