8 matches found
SUSE CVE-2012-5534
The hookprocess function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...
Mandriva Linux Security Advisory : weechat (MDVSA-2013:136)
Updated weechat packages fix security vulnerability: A buffer overflow is causing a crash or freeze of WeeChat 0.36 to 0.39 when decoding IRC colors in strings. The packages have been patched to fix this problem (CVE-2012-5854). Untrusted command for function hookprocess in WeeChat before 0.3.9.2...
Debian Security Advisory DSA 2598-1 (weechat - several vulnerabilities)
Two security issues have been discovered in WeeChat, a fast, light and extensible chat client: CVE-2011-1428: X.509 certificates were incorrectly validated. CVE-2012-5534: The hookprocess function in the plugin API allowed the execution of arbitrary shell commands. OpenVAS Vulnerability Test $Id:...
Debian: Security Advisory (DSA-2598-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Command injection
The hookprocess function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...
CVE-2012-5534
The hookprocess function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...
Fedora 16 : weechat-0.3.8-4.fc16 (2012-18575)
Fix arbitrary code execution due to call of shell when executing command within hookprocess. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
weechat -- Arbitrary shell command execution via scripts
Sebastien Helleu reports: Untrusted command for function hookprocess could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hookprocess for maximum safety...