Net::IMAP 命令注入漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained a command injection vulnerability. This vulnerability stemmed from multiple Net::IMAP commands that accepted unvalidated or escape...

DreamFactory Core 操作系统命令注入漏洞

DreamFactory Core is an open source DreamFactory core service from DreamFactory Software. DreamFactory Core suffers from an operating system command injection vulnerability that stems from a lack of validation of user-supplied strings in the implementation of the saveZipFile method, which could...

Linux Distros Unpatched Vulnerability : CVE-2017-17524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...

Bob Hepple gjots2 Parameter Injection Vulnerability

Bob Hepple gjots2 is a suite of open source desktop notebook applications. A security vulnerability exists in the lib/gui.py file in Bob Hepple gjots2 version 2.4.1, which stems from the program failing to validate strings before starting the program. A remote attacker can exploit this...

Tkabber Parameter Injection Vulnerability

Tkabber is an instant messaging protocol GUI client based on XMPP. A security vulnerability exists in the default.tcl file in Tkabber version 1.1, which originates from the program failing to validate strings before starting the program. A remote attacker can exploit this vulnerability to perform...

OCaml Batteries Included Parameter Injection Vulnerability

OCaml Batteries Included a.k.a. ocaml-batteries is a set of development platforms based on the OCaml language maintained by the OCaml community. A security vulnerability exists in the batteriesConfig.mlp file in OCaml Batteries Included version 2.6, which stems from the program failing to validat...

AbiWord Parameter Injection Vulnerability

AbiWord is a free word processing program similar to Microsoft Word for a variety of word processing tasks. A security vulnerability exists in the af/util/xp/utgofile.cpp file in AbiWord version 3.0.2-2, which originates from the program not validating strings before starting the program. A remot...

ScummVM Parameter Injection Vulnerability

ScummVM is a graphics engine for point-and-click adventure games. A security vulnerability exists in the backends/platform/sdl/posix/posix.cpp file in ScummVM version 1.9.0, which originates from a program that does not validate strings before starting the program. A remote attacker could exploit...

Sylpheed libsylph/utils.c File Injection Vulnerability

Sylpheed is a lightweight email client using GTK+ Graphical Interface Creation Kit. A security vulnerability exists in the libsylph/utils.c file in Sylpheed 3.6 and earlier versions, which stems from the program failing to validate strings before starting the program. A remote attacker can exploi...

CVE-2017-17528

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVE-2017-17527

delphigui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code...