12 matches found
Net::IMAP 命令注入漏洞
Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained a command injection vulnerability. This vulnerability stemmed from multiple Net::IMAP commands that accepted unvalidated or escape...
`Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants
Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...
DreamFactory Core 操作系统命令注入漏洞
DreamFactory Core is an open source DreamFactory core service from DreamFactory Software. DreamFactory Core suffers from an operating system command injection vulnerability that stems from a lack of validation of user-supplied strings in the implementation of the saveZipFile method, which could...
Linux Distros Unpatched Vulnerability : CVE-2017-17524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...
Bob Hepple gjots2 Parameter Injection Vulnerability
Bob Hepple gjots2 is a suite of open source desktop notebook applications. A security vulnerability exists in the lib/gui.py file in Bob Hepple gjots2 version 2.4.1, which stems from the program failing to validate strings before starting the program. A remote attacker can exploit this...
Tkabber Parameter Injection Vulnerability
Tkabber is an instant messaging protocol GUI client based on XMPP. A security vulnerability exists in the default.tcl file in Tkabber version 1.1, which originates from the program failing to validate strings before starting the program. A remote attacker can exploit this vulnerability to perform...
OCaml Batteries Included Parameter Injection Vulnerability
OCaml Batteries Included a.k.a. ocaml-batteries is a set of development platforms based on the OCaml language maintained by the OCaml community. A security vulnerability exists in the batteriesConfig.mlp file in OCaml Batteries Included version 2.6, which stems from the program failing to validat...
ScummVM Parameter Injection Vulnerability
ScummVM is a graphics engine for point-and-click adventure games. A security vulnerability exists in the backends/platform/sdl/posix/posix.cpp file in ScummVM version 1.9.0, which originates from a program that does not validate strings before starting the program. A remote attacker could exploit...
AbiWord Parameter Injection Vulnerability
AbiWord is a free word processing program similar to Microsoft Word for a variety of word processing tasks. A security vulnerability exists in the af/util/xp/utgofile.cpp file in AbiWord version 3.0.2-2, which originates from the program not validating strings before starting the program. A remot...
Sylpheed libsylph/utils.c File Injection Vulnerability
Sylpheed is a lightweight email client using GTK+ Graphical Interface Creation Kit. A security vulnerability exists in the libsylph/utils.c file in Sylpheed 3.6 and earlier versions, which stems from the program failing to validate strings before starting the program. A remote attacker can exploi...
CVE-2017-17528
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17527
delphigui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code...