This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Uzbl First view 2010-02-25
Product Uzbl Last view 2010-08-19
Version 2009.12.22 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:uzbl:uzbl

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2010-08-19 CVE-2010-2809

The default configuration of the binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.

7.5 2010-02-25 CVE-2010-0011

The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
67308 Uzbl <Button2> Binding @SELECTED_URI Feature Weakness Crafted HTML Docu...
62659 Uzbl uzbl-core.c eval_js Function Arbitrary Javascript Code Execution

OpenVAS Exploits

id Description
2010-12-02 Name : Fedora Update for uzbl FEDORA-2010-12386
File : nvt/gb_fedora_2010_12386_uzbl_fc14.nasl
2010-08-24 Name : Fedora Update for uzbl FEDORA-2010-12260
File : nvt/gb_fedora_2010_12260_uzbl_fc13.nasl
2010-08-24 Name : Fedora Update for uzbl FEDORA-2010-12276
File : nvt/gb_fedora_2010_12276_uzbl_fc12.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2010-08-24 Name: The remote Fedora host is missing a security update.
File: fedora_2010-12386.nasl - Type: ACT_GATHER_INFO
2010-08-23 Name: The remote Fedora host is missing a security update.
File: fedora_2010-12260.nasl - Type: ACT_GATHER_INFO
2010-08-23 Name: The remote Fedora host is missing a security update.
File: fedora_2010-12276.nasl - Type: ACT_GATHER_INFO