7.5
CVE-2006-1865
- EPSS 3.49%
- Veröffentlicht 21.04.2006 23:06:00
- Zuletzt bearbeitet 16.06.2026 22:23:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginArgument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Beagle Project ≫ Beagle Version < 0.2.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.49% | 0.876 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
http://secunia.com/advisories/19897
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://lists.seifried.org/pipermail/security/2006-April/013163.html
http://scary.beasts.org/security/CESA-2006-002.html
http://secunia.com/advisories/19778
http://secunia.com/advisories/19781
http://www.osvdb.org/24938
http://www.securityfocus.com/bid/17611
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282
https://exchange.xforce.ibmcloud.com/vulnerabilities/26104