CVE-2006-1865

EPSS 1.9%
Veröffentlicht 21.04.2006 23:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Beagle Project ≫ Beagle Version < 0.2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.9%	0.825

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://secunia.com/advisories/19897

Vendor Advisory

Broken Link

http://www.novell.com/linux/security/advisories/2006_04_28.html

Broken Link

http://lists.seifried.org/pipermail/security/2006-April/013163.html

Broken Link

http://scary.beasts.org/security/CESA-2006-002.html

Third Party Advisory

http://secunia.com/advisories/19778

Vendor Advisory

Broken Link