3 matches found
[SECURITY] [DLA 1210-1] kildclient security update
Package : kildclient Version : 2.11.1-1+deb7u1 CVE ID : CVE-2017-17511 It was discovered that there was a command-injection vulnerability in kildclient, a "MUD" multiplayer real-time virtual world game. For Debian 7 "Wheezy", this issue has been fixed in kildclient version 2.11.1-1+deb7u1. Thanks...
CVE-2017-17511
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c...
CVE-2017-17511
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, allowing argument-injection/parameter-injection via a crafted URL (related to prefs.c and worldgui.c). Documented across multiple feeds (OSV, CNVD, Debian DLA references). The li...