2661 matches found
CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
UBUNTU-CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
DEBIAN-CVE-2017-16667
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
Input validation
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
CVE-2017-16667
CVE-2017-16667 - Summary: The Back in Time tool (backintime) prior to version 1.1.24 improperly escapes/quotes file paths passed to the notify-send command, causing parts of the path to be executed as shell commands inside an os.system call in qt4/plugins/notifyplugin.py. This enables a context-...
Node.js arbitrary file read vulnerability (CVE-2017-14849)
Author: niubl@TSRC 1. Vulnerability description: 2017 9 November 28, the company scanner found an instance of an arbitrary file read vulnerability in one of the business services; the team's follow-up analysis found that this is a common vulnerability resulting from Node.js and Express together. As we prepare...
CVE-2017-5084
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint...
CVE-2017-5084
CVE-2017-5084 detail (Google Chrome OS): In Chrome OS, the image-burner component exposed a BurnImage D-Bus endpoint with an inappropriate implementation, enabling a local attacker to read local files via dbus-send commands. Affected: Chrome OS builds prior to 59.0.3071.92. Impact is local inform...
CVE-2017-5084
Removed by vendor...
DEBIAN-CVE-2017-15096
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in sendbrickreq function in glusterfsd/src/gfattach.c may be used to cause denial of service...
GHSA-XWG4-93C6-3H42 Directory Traversal in send
Versions 0.8.3 and earlier of send are affected by a directory traversal vulnerability. When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example,...
37fis (>=1.0.0 <=1.0.2), @byted/beejs (>=1.0.1 <=1.2.18) +842 more potentially affected by CVE-2015-8859 via send (>=0.0.1 <=0.11.0)
send NPM version =0.0.1, =1.0.0, =1.0.1, =0.0.2, =0.0.1, =2.0.2, =1.0.4, =1.0.1, =0.0.1, =0.1.3, =1.0.0, =0.2.1, =1.0.8, =1.2.2-hotfix - acsjin =1.1.6 and more Source cves: CVE-2015-8859 Source advisory: OSV:GHSA-JGQF-HWC5-HH37...
Root Path Disclosure in send
Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation: Update to version 0.11.1 or later...
Directory Traversal in send
Versions 0.8.3 and earlier of send are affected by a directory traversal vulnerability. When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example,...
GHSA-JGQF-HWC5-HH37 Root Path Disclosure in send
Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation: Update to version 0.11.1 or later...
The vulnerability of the “send and receive file” command handler in the Picocom terminal emulation software allows a hacker to execute any command they desire.
The vulnerability of the “send and receive file” command in the Picocom terminal emulation software lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by using /bin/sh to launch external commands...