QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2527

Published: Aug 26, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp

x_refsource_CONFIRM

openSUSE-SU-2014:0984

vendor-advisory

x_refsource_SUSE

https://bugzilla.redhat.com/show_bug.cgi?id=1077059

x_refsource_CONFIRM

[oss-security] 20140317 CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution

mailing-list

x_refsource_MLIST

[oss-security] 20140318 Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution

mailing-list

x_refsource_MLIST

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.