I thought I was understanding pretty well how bash argument processing and various expansions is supposed to behave. Apparently, there are still subtleties which tricks me, sometimes.Read more…
In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the same time (not by me).Read more…
I found an argument injection vulnerability related to the handling of the
BROWSER environment variable in
sensible-browser. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in
BROWSER processing and browser invocation in general.
Page 1 of 1 | Previous page | Next page | JSON Feed | Atom Feed