10 matches found
EUVD-2017-8685
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-17525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which...
xTuple PostBooks Parameter Injection Vulnerability
xTuple PostBooks is a full-featured business management system that runs only in the cloud or on a local server. The system includes features such as sales management, purchasing management, and inventory and distribution management. A security vulnerability exists in the guiclient/guiclient.cpp...
Design/Logic Flaw
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
UBUNTU-CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17525
Removed by vendor...
CVE-2017-17525
CVE-2017-17525 affects guiclient/guiclient.cpp in xTuple PostBooks 4.7.0, where the BROWSER environment variable is used without validating the launched program’s arguments. This can enable remote argument-injection via a crafted URL. Public records consistently describe the issue and its impact,...