EUVD-2017-8685

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-17525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which...

xTuple PostBooks Parameter Injection Vulnerability

xTuple PostBooks is a full-featured business management system that runs only in the cloud or in a local server. The system includes features such as sales management, purchasing management, and inventory and distribution management. A security vulnerability exists in the guiclient/guiclient.cpp...

Design/Logic Flaw

guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

UBUNTU-CVE-2017-17525

guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVE-2017-17525

guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVE-2017-17525

Removed by vendor...

CVE-2017-17525

CVE-2017-17525 affects guiclient/guiclient.cpp in xTuple PostBooks 4.7.0, where the BROWSER environment variable is used without validating the launched program’s arguments. This can enable remote argument-injection via a crafted URL. Public records consistently describe the issue and its impact,...