Lucene search
K

20 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2006-6979

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...

7.5CVSS7.8AI score0.02318EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2018/06/12 2:38 a.m.10 views

magnatune.com XSS vulnerability

Open Bug Bounty ID: OBB-630420 Description| Value ---|--- Affected Website:| magnatune.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/06/12 2:38 a.m.6 views

my.magnatune.com XSS vulnerability

Open Bug Bounty ID: OBB-630421 Description| Value ---|--- Affected Website:| my.magnatune.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
OpenVAS
OpenVAS
added 2012/09/11 12:0 a.m.19 views

Slackware Advisory SSA:2008-241-01 amarok

The remote host is missing an update as announced via advisory SSA:2008-241-01. OpenVAS Vulnerability Test $Id: esoftslkssa200824101.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

3.3CVSS6.5AI score0.00353EPSS
Exploits0
OpenVAS
OpenVAS
added 2012/09/10 12:0 a.m.18 views

Slackware: Security Advisory (SSA:2008-241-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3CVSS6.5AI score0.00353EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.14 views

Gentoo Security Advisory GLSA 200703-11 (amarok)

The remote host is missing updates announced in advisory GLSA 200703-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.02318EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.26 views

Gentoo Security Advisory GLSA 200703-11 (amarok)

The remote host is missing updates announced in advisory GLSA 200703-11. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5CVSS0.02318EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2008/08/29 5:26 a.m.31 views

[slackware-security] amarok

New Amarok packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. In addition, new supporting libgpod packages are available for Slackware 11.0 and 12.0, since a newer version of libgpod than shipped with these releases is required to run Amarok version 1.4.10...

3.3CVSS6AI score0.00353EPSS
Exploits0
OSV
OSV
added 2008/08/14 11:41 p.m.1 views

DEBIAN-CVE-2008-3699

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the albuminfo.xml temporary file...

3.3CVSS6.2AI score0.00353EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/03/16 12:0 a.m.25 views

GLSA-200703-11 : Amarok: User-assisted remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200703-11 Amarok: User-assisted remote execution of arbitrary code The Magnatune downloader doesn't quote the 'mcurrentAlbumFileName' parameter while calling the 'unzip' shell command. Impact : A compromised or malicious Magnatune...

6.1AI score
Exploits0References2
securityvulns
securityvulns
added 2007/03/14 12:0 a.m.33 views

[ GLSA 200703-11 ] Amarok: User-assisted remote execution of arbitrary code

Gentoo Linux Security Advisory GLSA 200703-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

0.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2007/03/13 12:0 a.m.20 views

Amarok: User-assisted remote execution of arbitrary code

Background Amarok is an advanced music player. Description The Magnatune downloader doesn't quote the "mcurrentAlbumFileName" parameter while calling the "unzip" shell command. Impact A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user...

3.5AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/02/08 6:28 p.m.35 views

CVE-2006-6979

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...

7.5CVSS6.1AI score0.02318EPSS
Exploits0References1
NVD
NVD
added 2007/02/08 6:28 p.m.10 views

CVE-2006-6980

The magnatune.com album browser in Amarok allows attackers to cause a denial of service application crash via unspecified vectors...

2.6CVSS6.4AI score0.01359EPSS
Exploits0References3
NVD
NVD
added 2007/02/08 6:28 p.m.21 views

CVE-2006-6979

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...

7.5CVSS7.5AI score0.02318EPSS
Exploits0References9
OSV
OSV
added 2007/02/08 6:28 p.m.3 views

DEBIAN-CVE-2006-6979

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...

7.5CVSS7.6AI score0.02318EPSS
Exploits0References1
OSV
OSV
added 2007/02/08 6:28 p.m.1 views

DEBIAN-CVE-2006-6980

The magnatune.com album browser in Amarok allows attackers to cause a denial of service application crash via unspecified vectors...

2.6CVSS6.7AI score0.01359EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2007/02/08 6:0 p.m.21 views

CVE-2006-6979

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...

7.5CVSS7.4AI score0.02318EPSS
Exploits0
Cvelist
Cvelist
added 2007/02/08 6:0 p.m.24 views

CVE-2006-6979

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...

7.5AI score0.02318EPSS
Exploits0References9
CVE
CVE
added 2007/02/08 6:0 p.m.59 views

CVE-2006-6979

The CVE-2006-6979 entry concerns Amarok’s Magnatune component, specifically the Ruby handlers. The root cause is inadequate quoting in certain contexts (likely during unzip command construction), which can allow an attacker to inject shell metacharacters and execute arbitrary commands. The issue ...

7.5CVSS7.5AI score0.02318EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder