Debian Security Advisory DSA 2598-1 (weechat - several vulnerabilities)

Two security issues have been discovered in WeeChat, a fast, light and extensible chat client: CVE-2011-1428 X.509 certificates were incorrectly validated. CVE-2012-5534 The hookprocess function in the plugin API allowed the execution of arbitrary shell commands. OpenVAS Vulnerability Test $Id:...

Command injection

The hookprocess function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...