43 matches found
EUVD-2008-5957
Malware in sbrugna...
EUVD-2009-0318
Malware in sbrugna...
SUSE CVE-2008-4863
Untrusted search path vulnerability in BPYinterface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySysSetArgv function...
Arbitrary Code Execution
python is vulnerable to arbitrary code execution. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySysSetArgv API function, which could result in the addition of the current working directory to...
Fedora 10 : gedit-2.24.3-3.fc10 (2009-1187)
Untrusted search path vulnerability in gedit's Python module allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySysSetArgv function. References:...
XChat PySys_SetArgv函数命令执行漏洞
BUGTRAQ ID: 33444 CVECAN ID: CVE-2009-0315 X-Chat是一款免费开放源代码的IRC客户端。 xchat的Python模块中使用了不可信任的搜索路径,本地用户可以在当前工作目录中放置恶意的Python文件并利用PySysSetArgv函数调用中的安全漏洞(CVE-2008-5983)执行任意代码。 X-Chat X-Chat 2.8.7b X-Chat X-Chat 2.8.6 厂商补丁: X-Chat ------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Epiphany PySys_SetArgv函数命令执行漏
BUGTRAQ ID: 33441 CVECAN ID: CVE-2008-5985 Epiphany是GNOME桌面所使用的WEB浏览器。 Epiphany的python接口使用argv0调用PySysSetArgv函数。由于Python对sys.path变量附加了空字符串,如果工作目录中的文件名匹配epiphany试图导入的python模块名,就可能允许本地用户在系统中执行任意代码。 GNOME Epiphany 2.22.3 厂商补丁: GNOME ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Vim PySys_SetArgv函数本地命令执行漏洞
BUGTRAQ ID: 33447 CVECAN ID: CVE-2009-0316 VIM是一款免费开放源代码文本编辑器,可使用在Unix/Linux操作系统下。 VIM的python接口使用argv0调用PySysSetArgv函数。由于Python对sys.path变量附加了空字符串,如果工作目录中的文件名匹配VIM试图导入的python模块名,就可能允许本地用户在系统中执行任意代码。 VIM Development Group VIM...
gedit PySys_SetArgv函数代码执行漏洞
BUGTRAQ ID: 33445 CVECAN ID: CVE-2009-0314 gedit是GNOME项目的小型文本编辑器。 gedit的Python模块可能使用当前工作目录作为模块搜索路径,如果用户受骗在包含有Python文件名类似于gedit所使用的模块名的目录中执行gedit的话,就会通过PySysSetArgv函数以其他用户的权限执行任意Python代码。 GNOME gEdit 2.x 厂商补丁: GNOME ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Fedora Core 9 FEDORA-2009-1189 (gedit)
The remote host is missing an update to gedit announced via advisory FEDORA-2009-1189. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2009-0315
Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
CVE-2009-0318
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
Design/Logic Flaw
Untrusted search path vulnerability in the 1 "VST plugin with Python scripting" and 2 "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory,...
Design/Logic Flaw
Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
Design/Logic Flaw
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
CVE-2008-5987
Untrusted search path vulnerability in the Python interface in Eye of GNOME eog 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
Design/Logic Flaw
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
Design/Logic Flaw
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
CVE-2009-0314
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
CVE-2008-5986
Untrusted search path vulnerability in the 1 "VST plugin with Python scripting" and 2 "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory,...