Computer Security
[EN] securityvulns.ru no-pyccku


xdg-open code execution
updated since 19.01.2015
Published:08.03.2015
Source:
SecurityVulns ID:14230
Type:library
Threat Level:
7/10
Description:Code execution because of insufficient shell characters filtering in protocol handlers.
Affected:XDG : xdg-utils 1.1
CVE:CVE-2015-1877
 CVE-2014-9622 (Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3165-1] xdg-utils security update (08.03.2015)
 documentDEBIAN, [SECURITY] [DSA 3131-1] xdg-utils security update (19.01.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod