7 matches found
CVE-2007-5837
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed...
CVE-2007-5837
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed...
CVE-2007-5837
CVE-2007-5837 affects the yarssr RSS aggregator (version 0.2.2). The root cause is insufficient input sanitising in feed links, allowing remote attackers to trigger execution of arbitrary shell commands via shell metacharacters in a feed link when Gnome default URL handling is disabled. Debian se...
CVE-2007-5837
Removed by vendor...
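yarssr GUI.pm Module URL Handling Command Injection Vulnerability
BUGTRAQ ID: 26273 yarssr, short for Yet Another RSS Reader, displays RSS reading results in the GNOME notification area. The GUI.pm module of yarssr has an input validation vulnerability when processing URL strings, which remote attackers may exploit to execute malicious commands on the user's system. The GUI.pm module does not properly validate the URL before using it in an exec statement to launch the browser; if a user is tricked into clicking a malicious feed link, arbitrary commands may be injected and executed with the privileges of the current user. A successful attack requires that "Gnome default" URL handling be disabled. Yarssr 0.2.2...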
Yarssr 0.2.2 - GUI.PM Remote Code Injection
source: www.securityfocus.com/bid/26273/info Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the privileges of the user running the...
Yarssr 0.2.2 - GUI.PM Remote Code Injection
Yarssr 0.2.2 - GUI.PM Remote Code Injection source: www.securityfocus.com/bid/26273/info Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with...