 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2009-1792 |
| Description: | The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.800574 1.3.6.1.4.1.25623.1.0.800576 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1792 BugTraq ID: 35105 http://www.securityfocus.com/bid/35105 Bugtraq: 20090528 CORE-2009-0401 - StoneTrip S3DPlayers remote command injection (Google Search) http://www.securityfocus.com/archive/1/503887/100/0/threaded http://www.coresecurity.com/content/StoneTrip-S3DPlayers http://secunia.com/advisories/35256 |