• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GKrellM Newsticker Command Execution Vulnerability

GKrellM Newsticker is prone to a remote command execution vulnerability. The newstricker will launch a browser using a URI supplied by a news feed when the ticker title is clicked by the user. Shell metacharacters will not be sanitized from the URI, which could result in remote command execution in the context of the user running the newsticker software.