Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-2085
Last Modified 18 Apr 2013 11:21:09
Published 28 Aug 2012 01:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2085

Summary

The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.

Vulnerable Systems

Application

  • Gajim 0.1

  • Gajim 0.10

  • Gajim 0.10.1

  • Gajim 0.11

  • Gajim 0.11.1

  • Gajim 0.11.2

  • Gajim 0.11.3

  • Gajim 0.11.4

  • Gajim 0.12

  • Gajim 0.12.1

  • Gajim 0.12.2

  • Gajim 0.12.3

  • Gajim 0.12.4

  • Gajim 0.12.5

  • Gajim 0.13

  • Gajim 0.13.1

  • Gajim 0.13.2

  • Gajim 0.13.3

  • Gajim 0.13.4

  • Gajim 0.14

  • Gajim 0.14.1

  • Gajim 0.14.2

  • Gajim 0.14.3

  • Gajim 0.14.4


References

CONFIRM - https://trac.gajim.org/ticket/7031

CONFIRM - https://trac.gajim.org/changeset/bc296e96ac10

BID - 52943

MLIST - [oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection

MLIST - [oss-security] 20120408 CVE request: gajim - code execution and sql injection

SECUNIA - 48708

SECUNIA - 48794

GENTOO - GLSA-201208-04


Last Updated: 27 May 2016 11:00:24