Comment 1 for bug 1525636
Revision history for this message
| Bernd Dietzel (l-ubuntuone1104) wrote | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Here are some LinuxMint Code injection examples.
I have allready reported themand some of them have been fixed.
#1460835 MintNanny Executes Code in Domain Name Strings
#1462313 MintBackup executes Code when package_dest Path contains Shell commands
#1502424 Cinnamon : Command Injection with a wallpaper picture
#1502420 Shell Command Injection when changing emblem with nemo
#1477344 mintlocale allows Shell Command Injection
#1499056 Code injection in cinnamon-
#1502498 mintdrivers : Shell Command Injection (fake Live Media)
#1504270 mintSources : Shell Injection when import a key file
#1460775 Shell Command Injection in mintstick Volume Label
#1458189 mintInstall possible code execution when Website contains Shell Commands
But as i said before, i can not make a bug report and demo for each script.
So this is a "global warnig" issue because Linux excessive use insecure api calls by default.