15 matches found
EUVD-2017-7851
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-16667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of...
SUSE CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
GLSA-201801-06 : Back In Time: Command injection
The remote host is affected by the vulnerability described in GLSA-201801-06 Back In Time: Command injection Back in Time did improper escaping/quoting of file paths used as arguments to the notify-send command leading to some parts of file paths being executed as shell commands within an os.syst...
Back In Time: Command injection
Background A simple backup tool for Linux, inspired by “flyback project”. Description ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact A...
openSUSE Security Update : backintime (openSUSE-2017-1309)
This update for backintime fixes the following issues : Security issue fixed : - CVE-2017-16667: Fixed shell injection in notify-send boo1067342. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
UBUNTU-CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
DEBIAN-CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
Input validation
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
CVE-2017-16667
CVE-2017-16667 - Summary : The Back in Time tool (backintime) prior to version 1.1.24 improperly escapes/quotes file paths passed to the notify-send command, causing parts of the path to be executed as shell commands inside an os.system call in qt4/plugins/notifyplugin.py. This enables a context-...