c7c1c7d92e
13 new exploits EasyCom For PHP 4.0.0 - Buffer Overflow (PoC) EasyCom For PHP 4.0.0 - Denial of Service Google Chrome - 'layout' Out-of-Bounds Read Shutter 0.93.1 - Code Execution DiskSavvy Enterprise - GET Buffer Overflow (Metasploit) Disk Savvy Enterprise - GET Buffer Overflow (Metasploit) Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH) Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection Joomla! Component VehicleManager 3.9 - SQL Injection Joomla! Component RealEstateManager 3.9 - SQL Injection Joomla! Component BookLibrary 3.6.1 - SQL Injection Joomla! Component MediaLibrary Basic 3.5 - SQL Injection Lock Photos Album&Videos Safe 4.3 - Directory Traversal ProjectSend r754 - Insecure Direct Object Reference Teradici Management Console 2.2.0 - Privilege Escalation
26 lines
801 B
Text
Executable file
26 lines
801 B
Text
Executable file
# Exploit Title: Shutter user-assisted remote code execution
|
|
# Date: 2016-12-26
|
|
# Software Link: http://shutter-project.org/
|
|
# Version: 0.93.1
|
|
# Tested on: Ubuntu, Debian
|
|
# Exploit Author: Prajith P
|
|
# Website: http://prajith.in/
|
|
# Author Mail: me@prajith.in
|
|
# CVE: CVE-2016-10081
|
|
|
|
1. Description.
|
|
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
|
|
attackers to execute arbitrary commands via a crafted image name that is
|
|
mishandled during a "Run a plugin" action.
|
|
|
|
2. Proof of concept.
|
|
1) Rename an image to something like "$(firefox)"
|
|
2) Open the renamed file in shutter
|
|
3) Click the "Run a plugin" option and select any plugin from the list and click "Run"
|
|
|
|
3. Solution:
|
|
https://bugs.launchpad.net/shutter/+bug/1652600
|
|
|
|
|
|
Thanks,
|
|
Prajithh
|