Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TIN 安全漏洞
Vulnerability Description
TIN是一款Usenet(互联网交流系统)全屏新闻阅读器。 TIN 2.4.1版本中的tools/url_handler.pl文件存在安全漏洞,该漏洞源于程序在启动程序之前,没有验证字符串。远程攻击者可借助特制的URL利用该漏洞实施参数注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A