CVE-2007-4398 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4398
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4398

Description: Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35985 SREASON http://securityreason.com/securityalert/3036 SAID Secunia Advisory: SA26457 Secunia Advisory: SA26490 OSVDB 39564 39565 MISC http://wouter.coekaerts.be/site/security/nowplaying FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html CONFIRM http://git.sv.gnu.org/gitweb/?p=weechat/scripts.git;a=commit;h=76f7f7b502352ba2b823e3388a2ca88840fd1945 http://git.sv.gnu.org/gitweb/?p=weechat/scripts.git;a=commit;h=7429c29a2fab6d7493c0188b5f631a7c2ae1533d BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/476283/100/0/threaded BID 25281

Return to the previous page.