Download
| Alert*
oval:org.secpod.oval:def:67176
newsbeuter: open-source RSS/Atom feed reader for text terminals Newsbeuter could be made to crash or run programs as your login if it opened a malicious file. oval:org.secpod.oval:def:70585 Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine. oval:org.secpod.oval:def:1800719 An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected. oval:org.secpod.oval:def:1800144 Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ... oval:org.secpod.oval:def:1800179 An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected. oval:org.secpod.oval:def:1800834 Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ... oval:org.secpod.oval:def:1901033 Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. oval:org.secpod.oval:def:1800364 Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ... oval:org.secpod.oval:def:1800469 Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ... oval:org.secpod.oval:def:1800390 An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected. oval:org.secpod.oval:def:1800557 An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected. oval:org.secpod.oval:def:68297 Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine. oval:org.secpod.oval:def:705703 newsbeuter: open-source RSS/Atom feed reader for text terminals Newsbeuter could be made to crash or run programs as your login if it opened a malicious file. |