3 matches found
[Full-disclosure] [ GLSA 200801-01 ] unp: Arbitrary command execution
Gentoo Linux Security Advisory GLSA 200801-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
CVE-2007-6610
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...
CVE-2007-6610
CVE-2007-6610 affects unp up to 1.0.12 and older than 1.0.14. The vulnerability arises because unp does not properly escape file names before passing them to shell calls, enabling a context-dependent attacker to execute arbitrary shell commands via crafted filenames (potentially when invoked by a...