ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Privilege Escalation
Znc
Debian Linux
NVD
GitHub
CVSS 3.0
6.5
EPSS
1.5%
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Path Traversal
Znc
Debian Linux
NVD
GitHub
CVSS 3.0
5.3
EPSS
2.0%