Source: packetstorm
Author: Prajith P
ID: PACKETSTORM:141226
Date: Feb 22, 2017 - 12:00 a.m.

Shutter 0.93.1 Code Execution

EPSS: 0.017 (Low), percentile 87.8%

`# Exploit Title: Shutter user-assisted remote code execution  
# Date: 2016-12-26  
# Software Link: http://shutter-project.org/  
# Version: 0.93.1  
# Tested on: Ubuntu, Debian  
# Exploit Author: Prajith P  
# Website: http://prajith.in/  
# Author Mail: [email protected]  
# CVE: CVE-2016-10081  
  
1. Description.  
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote  
attackers to execute arbitrary commands via a crafted image name that is  
mishandled during a "Run a plugin" action.  
  
2. Proof of concept.  
1) Rename an image to something like "$(firefox)"  
2) Open the renamed file in shutter  
3) Click the "Run a plugin" option and select any plugin from the list and click "Run"  
  
3. Solution:  
https://bugs.launchpad.net/shutter/+bug/1652600  
  
  
Thanks,  
Prajithh  
  
`
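
The bug class behind this advisory, as an added example that is not taken from the advisory or from Shutter's code base: a stand-in plugin is launched three ways with a constructed file name whose command substitution only creates a marker file. It assumes the plugin command is built as a shell string (the advisory does not show Shutter's code); `PLUGIN`, the function names and the file name are illustrative, and a POSIX `/bin/sh` is required.

```python
import os
import shlex
import subprocess
import sys
import tempfile

# Hypothetical stand-in for a plugin executable: prints the file name it receives.
PLUGIN = [sys.executable, "-c", "import sys; print(sys.argv[1])"]
PLUGIN_CMD = " ".join(shlex.quote(part) for part in PLUGIN)


def _run(cmd, cwd, shell):
    done = subprocess.run(cmd, shell=shell, cwd=cwd, capture_output=True, text=True)
    return done.stdout.strip()


def run_plugin_unsafe(filename, cwd):
    """Vulnerable pattern: the name is pasted into a string that /bin/sh parses."""
    return _run(PLUGIN_CMD + ' "' + filename + '"', cwd, shell=True)


def run_plugin_quoted(filename, cwd):
    """Mitigation when a shell is unavoidable: quote the name for the shell."""
    return _run(PLUGIN_CMD + " " + shlex.quote(filename), cwd, shell=True)


def run_plugin_safe(filename, cwd):
    """Preferred fix: argv list, no shell, so the name is never parsed as code."""
    return _run(PLUGIN + [filename], cwd, shell=False)


def demo():
    # Constructed file name; the substitution is harmless and only creates "marker".
    name = "$(touch marker).png"
    runners = {"unsafe": run_plugin_unsafe, "quoted": run_plugin_quoted,
               "safe": run_plugin_safe}
    results = {}
    for label, runner in runners.items():
        with tempfile.TemporaryDirectory() as workdir:
            seen_by_plugin = runner(name, workdir)
            substituted = os.path.exists(os.path.join(workdir, "marker"))
            results[label] = (seen_by_plugin, substituted)
    return results


if __name__ == "__main__":
    for label, (seen, substituted) in demo().items():
        print(f"{label:7} plugin saw {seen!r}; substitution executed: {substituted}")
```

In the unsafe run the plugin receives a different name from the one the user opened, which is also a usable detection signal: a mismatch between the file on disk and the argument the child process was started with.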