16 matches found
EUVD-2007-5807
Malware in sbrugna...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The numerous vulnerabilities in the yarssr package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Yarssr 0.2.2 GUI.PM Remote Code Injection Vulnerability
No description provided by source. source: www.securityfocus.com/bid/26273/info Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the...
Debian Security Advisory DSA 1477-1 (yarssr)
The remote host is missing an update to yarssr announced via advisory DSA 1477-1. OpenVAS Vulnerability Test $Id: deb14771.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1477-1 yarssr Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian: Security Advisory (DSA-1477-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1477-1] New yarssr packages fix arbitrary shell command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1477-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 27, 2008 http://www.debian.org/security/faq -...
Debian DSA-1477-1 : yarssr - missing input sanitising
Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitising, which could result in the execution of arbitrary shell commands if a malformed feed is read. Due to a technical limitation of the archive management scripts, the fix for the old stable...
DSA-1477-1 yarssr - missing input sanitising
Bulletin has no description...
CVE-2007-5837
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed...
CVE-2007-5837
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed...
CVE-2007-5837
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed...
CVE-2007-5837
CVE-2007-5837 affects the yarssr RSS aggregator (version 0.2.2). The root cause is insufficient input sanitising in feed links, allowing remote attackers to trigger execution of arbitrary shell commands via shell metacharacters in a feed link when Gnome default URL handling is disabled. Debian se...
CVE-2007-5837
Removed by vendor...
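yarssr GUI.pm module URL handling command injection vulnerability
BUGTRAQ ID: 26273 yarssr, short for Yet Another RSS Reader, displays RSS reading results in the GNOME notification area. The GUI.pm module of yarssr has an input validation vulnerability when handling URL strings, and a remote attacker may exploit it to execute malicious commands on the user's system. The GUI.pm module of yarssr does not properly validate the URL before using it in an exec statement to launch the browser; if a user is tricked into clicking a malicious feed link, arbitrary commands may be injected and executed with the privileges of the current user. A successful attack requires that "Gnome default" URL handling is disabled. Yarssr 0.2.2...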
Yarssr 0.2.2 - GUI.PM Remote Code Injection
source: www.securityfocus.com/bid/26273/info Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the privileges of the user running the...
Yarssr 0.2.2 - GUI.PM Remote Code Injection
Yarssr 0.2.2 - GUI.PM Remote Code Injection source: www.securityfocus.com/bid/26273/info Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with...