8 matches found
GLSA-200909-06 : aMule: Parameter injection
The remote host is affected by the vulnerability described in GLSA-200909-06 aMule: Parameter injection Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Impact : A remote attacker could entice a user to download a file with a specially crafted file nam...
[SECURITY] [DSA 1821-1] New amule packages fix insufficient input sanitising
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1821-1 [email protected] http://www.debian.org/security/ Steffen Joeris June 22, 2009 http://www.debian.org/security/faq -...
Debian DSA-1821-1 : amule - insufficient input sanitising
Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. The oldstable distribution etch is not affected by this issue...
[SECURITY] [DSA 1821-1] New amule packages fix insufficient input sanitising
------------------------------------------------------------------------ Debian Security Advisory DSA-1821-1 [email protected] http://www.debian.org/security/ Steffen Joeris June 22, 2009 http://www.debian.org/security/faq -...
CVE-2009-1440
Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename...
DEBIAN-CVE-2009-1440
Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename...
CVE-2009-1440
CVE-2009-1440 affects amule (eD2k/Kademlia client); the vulnerability is an incomplete blacklist in DownloadListCtrl.cpp that lets a remote attacker craft a filename to inject arguments into the user’s video player. Advisories (Debian DSA-1821-1, Gentoo GLSA-200909-06, OpenVAS, Nessus plugins) co...
CVE-2009-1440
Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename...