Published: 26/05/2011 Updated: 27/02/2020

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

feh prior to 1.8, when the --wget-timestamp option is enabled, might allow remote malicious users to execute arbitrary commands via shell metacharacters in a URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
feh project feh 1.2.6
feh project feh 1.2.5
feh project feh 1.2.3
feh project feh 1.2.1
feh project feh 1.6
feh project feh 1.4.3
feh project feh 1.3.1
feh project feh 1.2.7
feh project feh 1.2.0
feh project feh 0.9.9
feh project feh 1.4.1
feh project feh 1.4
feh project feh 1.3.5
feh project feh
feh project feh 0.6.4
feh project feh 0.5.0
feh project feh 1.6.1
feh project feh 1.5
feh project feh 1.4.2
feh project feh 1.3.3
feh project feh 1.3.0
feh project feh 1.1.0
feh project feh 0.7.0

source: wwwsecurityfocuscom/bid/41161/info feh is prone to a remote code-execution vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application Successful exploits will compromise the application and possibly the computer feh --wget-timestamp 'wwwexamplecom/stuf ...

CWE-20 http://derf.homelinux.org/git/feh/plain/ChangeLog http://openwall.com/lists/oss-security/2010/06/28/4 http://www.securityfocus.com/bid/41161 http://openwall.com/lists/oss-security/2010/06/25/4 https://nvd.nist.gov https://www.exploit-db.com/exploits/34201/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2246

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect