Hi,ZNC before 1.9.1 has a remote code execution vulnerability in its modtcl module, that can for example be triggered through a prepared kick message
https://wiki.znc.in/ChangeLog/1.9.1Alternatively the following patch needs to be applied to mitigate this vulnerability:
https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06eThe vulnerability was discovered and reported by Johannes Kuhn (DasBrain). The patch was created by glguy.
--- Martin
