NVD

Id
30946  
Name
CVE-2014-2528  
Description
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-08-26  
Modified Date
2014-08-27  
Seq
2014-2528  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
162747 30946 CVE-2014-2528 openSUSE-SU-2014:0984  View
162748 30946 CVE-2014-2528 [oss-security] 20140317 CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution  View
162749 30946 CVE-2014-2528 [oss-security] 20140318 Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution  View
162750 30946 CVE-2014-2528 https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp  View
162751 30946 CVE-2014-2528 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
15080 JVNDB-2014-003955 KDirStat の kcleanup.cpp における任意のコマンドを実行される脆弱性 KDirStat の kcleanup.cpp は、ディレクトリを削除する際、適切に文字列を引用しないため、任意のコマンドを実行される脆弱性が存在します。 CVE-2014-2528 69815 CVE-2014-2528 30946 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003955.html 2014-08-11 2014-08-28 View