
16 matches found

Zero Day Initiative
added 2025/05/02 12:0 a.m., 15 views

MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

7.8 CVSS, 7.2 AI score
Exploits: 0, References: 2
NVD
added 2024/05/03 3:16 a.m., 22 views

CVE-2023-44452

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8 CVSS, 8.1 AI score, 0.01274 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2024/05/03 3:16 a.m., 3 views

CVE-2023-44452

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8 CVSS, 6.3 AI score, 0.01274 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2024/05/03 3:16 a.m., 23 views

CVE-2023-44452

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8 CVSS, 8 AI score
Exploits: 0, References: 2
Vulnrichment
added 2024/05/03 2:14 a.m., 17 views

CVE-2023-44452 Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8 CVSS, 7.7 AI score, 0.01274 EPSS
Exploits: 1, References: 2
Cvelist
added 2024/05/03 2:14 a.m., 19 views

CVE-2023-44452 Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8 CVSS, 8.3 AI score, 0.01274 EPSS
Exploits: 1, References: 2
UbuntuCve
added 2024/05/03 12:0 a.m., 23 views

CVE-2023-44452

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8 CVSS, 7.8 AI score, 0.01274 EPSS
Exploits: 1, References: 6
GithubExploit
added 2024/01/17 9:26 a.m., 646 views

Exploit for Argument Injection in Linuxmint Xreader

CVE-2023-44452, CVE-2023-51698: Linux Mint Xreader/MATE Atril...

9.6 CVSS, 8.3 AI score, 0.0234 EPSS
Exploits: 2
BDU FSTEC
added 2023/12/27 12:0 a.m., 2 views

A vulnerability in the Xreader document viewer is caused by improper limitation of a pathname to a restricted directory, allowing an attacker to execute arbitrary code.

The vulnerability in the Xreader document viewer is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow an attacker to execute arbitrary code by having the user open a specially crafted EPUB or CBT...

7.8 CVSS, 7.6 AI score, 0.0177 EPSS
Exploits: 1, References: 5, Affected Software: 2
SUSE CVE
added 2023/12/22 2:15 a.m., 5 views

SUSE CVE-2023-44452

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8 CVSS, 7.7 AI score, 0.01274 EPSS
Exploits: 1, References: 3
Exploit DB
added 2019/02/11 12:0 a.m., 80 views

Evince - CBT File Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Evince CBT File Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Evince before...

7.8 CVSS, 7.7 AI score, 0.50076 EPSS
Exploits: 9
Packet Storm
added 2019/02/07 12:0 a.m., 29 views

Evince CBT File Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Evince CBT File Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Evince before...

6.8 CVSS, 0.4 AI score, 0.50076 EPSS
Exploits: 9
Metasploit
added 2019/02/03 5:38 a.m., 62 views

Evince CBT File Command Injection

This module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book .cbt files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited...

7.8 CVSS, 0.3 AI score, 0.50076 EPSS
Exploits: 9
BDU FSTEC
added 2018/01/24 12:0 a.m., 5 views

A vulnerability in the Evince document viewer is caused by a failure to neutralize special elements, allowing an attacker to execute arbitrary commands.

The vulnerability in backend/comics/comics-document.c of the Evince document viewer is related to the failure to neutralize special elements used in commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially prepared .cbt file, which is...

7.8 CVSS, 7.6 AI score, 0.50076 EPSS
Exploits: 9, References: 5, Affected Software: 1
Tenable Nessus
added 2017/12/26 12:0 a.m., 15 views

SUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2017:3428-1)

This update for evince fixes the following issues. Security issue fixed: CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenab...

7.8 CVSS, 6.9 AI score, 0.50076 EPSS
Exploits: 9, References: 4
RedhatCVE
added 2017/07/13 12:19 p.m., 30 views

CVE-2017-1000083

It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program...

7.8 CVSS, 4.2 AI score, 0.50076 EPSS
Exploits: 9, References: 1