Lucene search
+L

4 matches found

gentoo
gentoo
added 2018/01/07 12:0 a.m.41 views

Back In Time: Command injection

Background A simple backup tool for Linux, inspired by “flyback project”. Description ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact A...

9.3CVSS7.9AI score0.01462EPSS
Exploits0
prion
prion
added 2017/11/08 6:29 p.m.15 views

Input validation

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

9.3CVSS7.5AI score0.01462EPSS
Exploits0References4Affected Software1
ubuntucve
ubuntucve
added 2017/11/08 6:29 p.m.23 views

CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

9.3CVSS7.2AI score0.01462EPSS
Exploits0References3
cvelist
cvelist
added 2017/11/08 6:0 p.m.33 views

CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

7.5AI score0.01462EPSS
Exploits0References4
Rows per page
Query Builder