3355 matches found

OSV
added 2018/01/03 8:29 p.m. · 0 views

UBUNTU-CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8 · AI score 7 · EPSS 0.06543
Exploits 0 · References 4

Debian CVE
added 2018/01/03 8:0 p.m. · 31 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8 · AI score 8.3 · EPSS 0.06543
Exploits 0

Veracode
added 2018/01/03 4:41 a.m. · 10 views

Command Injection

fs-git is vulnerable to command injection attacks. These attacks are possible because the buildCommand function doesn't sanitize data before constructing exec strings, allowing attackers to insert and execute commands...

CVSS 7.8 · AI score 8 · EPSS 0.00774
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2018/01/03 12:0 a.m. · 2 views

PT-2018-3791 · Apache · Plexus-Utils

Name of the Vulnerable Software and Affected Versions: Plexus-utils versions prior to 3.0.16 Description: The issue arises from the incorrect processing of double quoted strings, leading to command injection. This could allow a remote attacker to execute arbitrary commands. Recommendations: For...

CVSS 10 · AI score 9.3 · EPSS 0.06543
Exploits 0 · References 36

RedhatCVE
added 2018/01/02 9:20 a.m. · 29 views

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

CVSS 4.3 · AI score 2.8 · EPSS 0.01648
Exploits 0 · References 2

OSV
added 2017/12/27 5:8 p.m. · 1 views

DEBIAN-CVE-2017-17846

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003...

CVSS 7.5 · AI score 7 · EPSS 0.02184
Exploits 0 · References 1

ATTACKERKB
added 2017/12/27 5:8 p.m. · 4 views

CVE-2017-17846

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003...

CVSS 7.5 · AI score 5.5 · EPSS 0.02184
Exploits 0 · References 7

Cvelist
added 2017/12/20 10:0 p.m. · 12 views

CVE-2017-5258

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using...

AI score 5.3 · EPSS 0.00543
Exploits 1 · References 1

Citrix
added 2017/12/18 12:0 a.m. · 5 views

How to set customized BIOS strings to HVM VMs

This article describes the method to set customized BIOS strings to HVM VMs through xe CLI of XenServer 7.3 and later, as well as how to get customized BIOS strings on these VMs...

AI score 7
Exploits 0

CNVD
added 2017/12/18 12:0 a.m. · 4 views

AbiWord Parameter Injection Vulnerability

AbiWord is a free word processing program similar to Microsoft Word for a variety of word processing tasks. A security vulnerability exists in the af/util/xp/utgofile.cpp file in AbiWord version 3.0.2-2, which originates from the program not validating strings before starting the program. A remot...

CVSS 8.8 · AI score 7.1 · EPSS 0.01221
Exploits 0 · References 1

CNVD
added 2017/12/18 12:0 a.m. · 1 views

ScummVM Parameter Injection Vulnerability

ScummVM is a graphics engine for point-and-click adventure games. A security vulnerability exists in the backends/platform/sdl/posix/posix.cpp file in ScummVM version 1.9.0, which originates from a program that does not validate strings before starting the program. A remote attacker could exploit...

CVSS 8.8 · AI score 7.2 · EPSS 0.01643
Exploits 0 · References 1

CNVD
added 2017/12/18 12:0 a.m. · 1 views

Geomview Parameter Injection Vulnerability

Geomview is an interactive 3D graphics viewing program for Unix-like systems. The program supports the use of the mouse to rotate, zoom in or out of graphics, and more. A security vulnerability exists in the common/help.c file in Geomview version 1.9.5, which originates from the program not...

CVSS 8.8 · AI score 7.3 · EPSS 0.01495
Exploits 1 · References 1

Zero Day Initiative
added 2017/12/15 12:0 a.m. · 30 views

Quest NetVault Backup Server Process Manager Service NVBUBackup ClientList Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from th...

CVSS 7.5 · AI score 1.3 · EPSS 0.04078
Exploits 0

CNVD
added 2017/12/15 12:0 a.m. · 1 views

Sylpheed libsylph/utils.c File Injection Vulnerability

Sylpheed is a lightweight email client using GTK+ Graphical Interface Creation Kit. A security vulnerability exists in the libsylph/utils.c file in Sylpheed 3.6 and earlier versions, which stems from the program failing to validate strings before starting the program. A remote attacker can exploi...

CVSS 8.8 · AI score 7.2 · EPSS 0.01221
Exploits 0 · References 1

NVD
added 2017/12/14 4:29 p.m. · 16 views

CVE-2017-17535

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 · AI score 8.5 · EPSS 0.01221
Exploits 0 · References 1

OSV
added 2017/12/14 4:29 p.m. · 7 views

CVE-2017-17527

delphigui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code...

CVSS 8.8 · AI score 8.6 · EPSS 0.01633
Exploits 0 · References 1

OSV
added 2017/12/14 4:29 p.m. · 5 views

CVE-2017-17528

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 · AI score 8.4 · EPSS 0.01643
Exploits 0 · References 1

CNVD
added 2017/11/30 12:0 a.m. · 2 views

Haxx curl and libcurl denial of service vulnerabilities

Haxx curl and libcurl are both products of the Swedish company Haxx. curl is a set of file transfer tools that utilize URL syntax to work at the command line. libcurl is a free, open source client-side URL transfer library. A denial of service vulnerability exists in the FTP wildcard function in...

CVSS 9.8 · AI score 6.9 · EPSS 0.11175
Exploits 0 · References 1

Tenable Nessus
added 2017/11/29 12:0 a.m. · 39 views

Ubuntu 14.04 LTS / 16.04 LTS : Python vulnerability (USN-3496-3)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3496-3 advisory. USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Tenable has extracted the...

CVSS 9.8 · AI score 6.9 · EPSS 0.07944
Exploits 0 · References 2

Ubuntu
added 2017/11/28 3:34 p.m. · 46 views

USN-3496-1: Python vulnerability

It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 · AI score 7.5 · EPSS 0.07944
Exploits 0