
CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 3

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

• http://seclists.org/fulldisclosure/2014/Nov/36
• http://secunia.com/advisories/62155
• http://www.debian.org/security/2015/dsa-3131
• http://www.openwall.com/lists/oss-security/2015/01/17/10
• http://www.securityfocus.com/bid/71284
• https://bugs.freedesktop.org/show_bug.cgi?id=66670
• https://bugs.gentoo.org/show_bug.cgi?id=472888
• https://security.gentoo.org/glsa/201701-09

• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.8 | EPSS: 4% | CPEs: 5 | EXPL: 6

Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.

• http://bugs.gentoo.org/show_bug.cgi?id=207331
• http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
• http://secunia.com/advisories/28638
• http://secunia.com/advisories/28728
• http://secunia.com/advisories/29048
• http://security.gentoo.org/glsa/glsa-200801-21.xml
• http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25
• http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?view=log
• http://webcvs.

• CWE-20: Improper Input Validation