Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by kvirc
CVE-2010-2785 (GCVE-0-2010-2785)
Vulnerability from cvelistv5 – Published: 2010-08-02 19:00 – Updated: 2024-08-07 02:46
VLAI
Summary
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=330111 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/40796 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/66648 | vdb-entryx_refsource_OSVDB |
| https://svn.kvirc.de/kvirc/changeset/4693 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=128041011428629&w=2 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://openwall.com/lists/oss-security/2010/07/28/1 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/40727 | third-party-advisoryx_refsource_SECUNIA |
| https://svn.kvirc.de/kvirc/ticket/858 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2010-07-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/66648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/66648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=330111",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
},
{
"name": "FEDORA-2010-11524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
},
{
"name": "40796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40796"
},
{
"name": "66648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66648"
},
{
"name": "https://svn.kvirc.de/kvirc/changeset/4693",
"refsource": "CONFIRM",
"url": "https://svn.kvirc.de/kvirc/changeset/4693"
},
{
"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/07/28/1"
},
{
"name": "40727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40727"
},
{
"name": "https://svn.kvirc.de/kvirc/ticket/858",
"refsource": "CONFIRM",
"url": "https://svn.kvirc.de/kvirc/ticket/858"
},
{
"name": "FEDORA-2010-11506",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2785",
"datePublished": "2010-08-02T19:00:00.000Z",
"dateReserved": "2010-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2452 (GCVE-0-2010-2452)
Vulnerability from cvelistv5 – Published: 2010-06-29 18:00 – Updated: 2024-08-07 02:32
VLAI
Summary
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.omnikron.net/pipermail/kvirc/2010-Ma… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/40746 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2010/1602 | vdb-entryx_refsource_VUPEN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2010/dsa-2065 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/40349 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/32410 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-10522",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"refsource": "MLIST",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2452",
"datePublished": "2010-06-29T18:00:00.000Z",
"dateReserved": "2010-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:32:16.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2451 (GCVE-0-2010-2451)
Vulnerability from cvelistv5 – Published: 2010-06-29 18:00 – Updated: 2024-08-07 02:32
VLAI
Summary
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.omnikron.net/pipermail/kvirc/2010-Ma… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/40746 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2010/1602 | vdb-entryx_refsource_VUPEN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2010/dsa-2065 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/40349 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/32410 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-10522",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-10522",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
},
{
"name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
"refsource": "MLIST",
"url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
},
{
"name": "40746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40746"
},
{
"name": "ADV-2010-1602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1602"
},
{
"name": "FEDORA-2010-10529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
},
{
"name": "DSA-2065",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2451",
"datePublished": "2010-06-29T18:00:00.000Z",
"dateReserved": "2010-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:32:16.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7070 (GCVE-0-2008-7070)
Vulnerability from cvelistv5 – Published: 2009-08-25 10:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://retrogod.altervista.org/kvirc_342_cmd.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/498557/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/7181 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/32410 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32410 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:13.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a \" (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a \" (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/kvirc_342_cmd.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/kvirc_342_cmd.html"
},
{
"name": "20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498557/100/0/threaded"
},
{
"name": "7181",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7181"
},
{
"name": "32410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32410"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
},
{
"name": "kvirc-multiple-uri-command-execution(46779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7070",
"datePublished": "2009-08-25T10:00:00.000Z",
"dateReserved": "2009-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:13.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4748 (GCVE-0-2008-4748)
Vulnerability from cvelistv5 – Published: 2008-10-27 19:00 – Updated: 2024-08-07 10:24
VLAI
Summary
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/6832 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/31912 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/4508 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2008/2926 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/32410 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-10-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:21.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6832",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6832",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6832",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6832"
},
{
"name": "31912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31912"
},
{
"name": "kvirc-irc-format-string(46114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
},
{
"name": "4508",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4508"
},
{
"name": "ADV-2008-2926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2926"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4748",
"datePublished": "2008-10-27T19:00:00.000Z",
"dateReserved": "2008-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:21.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2951 (GCVE-0-2007-2951)
Vulnerability from cvelistv5 – Published: 2007-06-26 18:00 – Updated: 2024-08-07 13:57
VLAI
Summary
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://svn.kvirc.de/kvirc/changeset/630/#file3 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/472441/100… | mailing-listx_refsource_BUGTRAQ |
| http://security.gentoo.org/glsa/glsa-200709-02.xml | vendor-advisoryx_refsource_GENTOO |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26813 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/2334 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/37604 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/24652 | vdb-entryx_refsource_BID |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/secunia_research/2007-56/advisory/ | x_refsource_MISC |
| http://secunia.com/advisories/25740 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.kvirc.de/kvirc/changeset/630/#file3"
},
{
"name": "20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472441/100/0/threaded"
},
{
"name": "GLSA-200709-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-02.xml"
},
{
"name": "kvirc-parseircurl-command-execution(35087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35087"
},
{
"name": "26813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26813"
},
{
"name": "ADV-2007-2334",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2334"
},
{
"name": "37604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37604"
},
{
"name": "24652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24652"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-56/advisory/"
},
{
"name": "25740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.kvirc.de/kvirc/changeset/630/#file3"
},
{
"name": "20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472441/100/0/threaded"
},
{
"name": "GLSA-200709-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-02.xml"
},
{
"name": "kvirc-parseircurl-command-execution(35087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35087"
},
{
"name": "26813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26813"
},
{
"name": "ADV-2007-2334",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2334"
},
{
"name": "37604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37604"
},
{
"name": "24652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24652"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-56/advisory/"
},
{
"name": "25740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-2951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svn.kvirc.de/kvirc/changeset/630/#file3",
"refsource": "CONFIRM",
"url": "https://svn.kvirc.de/kvirc/changeset/630/#file3"
},
{
"name": "20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472441/100/0/threaded"
},
{
"name": "GLSA-200709-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-02.xml"
},
{
"name": "kvirc-parseircurl-command-execution(35087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35087"
},
{
"name": "26813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26813"
},
{
"name": "ADV-2007-2334",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2334"
},
{
"name": "37604",
"refsource": "OSVDB",
"url": "http://osvdb.org/37604"
},
{
"name": "24652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24652"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "http://secunia.com/secunia_research/2007-56/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-56/advisory/"
},
{
"name": "25740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-2951",
"datePublished": "2007-06-26T18:00:00.000Z",
"dateReserved": "2007-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1351 (GCVE-0-1999-1351)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
VLAI
Summary
Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/7761.php | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=93845560631314&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
1999-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "kvirc-dot-directory-traversal(7761)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7761.php"
},
{
"name": "19990924 Kvirc bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93845560631314\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the \"Listen to !nick \u003csoundname\u003e requests\" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "kvirc-dot-directory-traversal(7761)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7761.php"
},
{
"name": "19990924 Kvirc bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93845560631314\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the \"Listen to !nick \u003csoundname\u003e requests\" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kvirc-dot-directory-traversal(7761)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7761.php"
},
{
"name": "19990924 Kvirc bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=93845560631314\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1351",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-01T17:11:02.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}