CVE-2010-2809 – uzbl 'uzbl-core' - '@SELECTED_URI' Mouse Button Bindings Command Injection
https://notcve.org/view.php?id=CVE-2010-2809
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. La configuración por defecto de <Button2> binding en Uzbl anterior a 2010.08.05 no utiliza adecuadamente la característica @SELECTED_URI, lo que permite a atacantes remotos asistidos por usuarios ejecutar comandos de su elección a través de un atributo HREF de un elemento A en un docuemnto HTML. • https://www.exploit-db.com/exploits/34426 http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975 http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2 http://marc.info/?l=oss-security&m=128111493509265&w=2 http://marc.info/?l=oss-security&m=128111994317381&w=2 http://www.securityfocus.com/bid/42297 http://www.uzbl.org/bugs/index.php?do=details&task_id=240 http://www.uzbl.org/news.php?id=29 https://bugzilla.redhat.com/show_bug.cgi? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0011
https://notcve.org/view.php?id=CVE-2010-0011
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code. La función eval_js en uzbl-core.c en Uzbl anterior a v2010.01.05 muestra el método de ejecución del objeto Uzbl, lo que permite a atacantes remotos ejecutar comandos de su elección a través de código JavaScript. • http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047 http://github.com/Dieterbe/uzbl/downloads http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html http://www.openwall.com/lists/oss-security/2010/01/06/1 http://www.openwall.com/lists/oss-security/2010/01/06/3 http://www.uzbl.org/news.php?id=22 https://exchange.xforce.ibmcloud.com/vulnerabilities/56612 • CWE-264: Permissions, Privileges, and Access Controls •