7 matches found
OS Command Injection
newsbeuter is vulnerable to OS Command Injection. Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is a RSS/Atom feed reader for the text console. Description Newsbeuter does not properly escape shell meta-characters in an RSS item with a media enclosure in the podcast playback function of Podbeuter. Impact A remote attacker, by enticing a user to open a feed with a...
Security update for newsbeuter (important)
This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-14500: Improper Neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
CVE-2017-14500
Removed by vendor...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...