FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
00dadbf0-6f61-11e5-a2a1-002590263bf5p5-UI-Dialog -- shell command execution vulnerability

Matthijs Kooijman reports:

It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a security issue, allowing execution of arbitrary commands if an attacker has control over the text displayed in a menu.


Discovery 2008-08-24
Entry 2015-10-10
p5-UI-Dialog
< 1.09_2

CVE-2008-7315
ports/203667
https://rt.cpan.org/Public/Bug/Display.html?id=107364
https://bugs.debian.org/496448
https://github.com/kckrinke/UI-Dialog/commit/6adc44cc636c615d76297d86835e1a997681eb61