The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "–date=TZ="123"345" @1" string to the touch or date command.
View Full Alert
Related Posts
CVE-2014-1690 (linux_kernel, ubuntu_linux)The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect…
CVE-2014-2727The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. View Full Alert
CVE-2014-10381The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. View Full Alert
