Lucene search

K

Shutter 0.93.1 - Code Execution

🗓️ 26 Dec 2016 00:00:00Reported by PrajithType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 16 Views

Shutter 0.93.1 - Code Execution CVE-2016-10081 /usr/bin/shutter allows user-assisted remote attackers to execute arbitrary command

Show more
Related
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2016-10081
29 Dec 201618:00
cvelist
exploitpack
Shutter 0.93.1 - Code Execution
26 Dec 201600:00
exploitpack
CVE
CVE-2016-10081
29 Dec 201618:59
cve
OpenVAS
Mageia: Security Advisory (MGASA-2017-0292)
28 Jan 202200:00
openvas
OpenVAS
Fedora: Security Advisory for shutter (FEDORA-2021-5b74a5a0db)
30 Aug 202100:00
openvas
Fedora
[SECURITY] Fedora 33 Update: shutter-0.98-5.fc33
29 Aug 202101:14
fedora
Packet Storm
Shutter 0.93.1 Code Execution
22 Feb 201700:00
packetstorm
UbuntuCve
CVE-2016-10081
29 Dec 201600:00
ubuntucve
Tenable Nessus
openSUSE Security Update : shutter (openSUSE-2017-952)
18 Aug 201700:00
nessus
Prion
Design/Logic Flaw
29 Dec 201618:59
prion
Rows per page
# Exploit Title: Shutter user-assisted remote code execution
# Date: 2016-12-26
# Software Link: http://shutter-project.org/
# Version: 0.93.1
# Tested on: Ubuntu,  Debian
# Exploit Author: Prajith P
# Website: http://prajith.in/
# Author Mail: [email protected]
# CVE: CVE-2016-10081

1. Description.
   /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
attackers to execute arbitrary commands via a crafted image name that is
mishandled during a "Run a plugin" action.

2. Proof of concept.
   1) Rename an image to something like "$(firefox)"
   2) Open the renamed file in shutter
   3) Click the "Run a plugin" option and select any plugin from the list and click "Run"

3. Solution:
  https://bugs.launchpad.net/shutter/+bug/1652600


Thanks,
Prajithh

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 Dec 2016 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS29.3
CVSS37.8
EPSS0.014
16
.json
Report