Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2010-2785

Published: 02/08/2010 Updated: 09/09/2010
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Kvirc

Vulnerability Summary

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.

Vulnerable Product Search on Vulmon Subscribe to Product

kvirc kvirc 4.0.2

kvirc kvirc 3.0.0

kvirc kvirc 3.4.0

kvirc kvirc 3.0.1

kvirc kvirc 4.0.0

kvirc kvirc 3.4.2

Vendor Advisories

Debian Security Advisories: DSA-2078-1 kvirc -- programming error
It was discovered that incorrect parsing of CTCP commands in kvirc, a KDE-based IRC client, could lead to the execution of arbitrary IRC commands against other users For the stable distribution (lenny), this problem has been fixed in version 2:340-6 For the unstable distribution (sid), this problem has been fixed in version 4:400-3 We recomm ...

Exploits

Exploit DB: KVIrc 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution
source: wwwsecurityfocuscom/bid/42026/info KVIrc is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input Exploiting this issue can allow an attacker to execute arbitrary commands within the context of the affected application KVIrc 400 is vulnerable; other versi ...

References

NVD-CWE-Otherhttp://secunia.com/advisories/40727http://www.osvdb.org/66648http://marc.info/?l=oss-security&m=128041011428629&w=2http://bugs.gentoo.org/show_bug.cgi?id=330111http://openwall.com/lists/oss-security/2010/07/28/1http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.htmlhttp://secunia.com/advisories/40796https://svn.kvirc.de/kvirc/ticket/858https://svn.kvirc.de/kvirc/changeset/4693http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-2078https://www.exploit-db.com/exploits/34385/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook