CVE-2009-1144 - Code Injection vulnerability in multiple products
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Manipulating User-Controlled Variables: This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
| NASL family | Gentoo Local Security Checks |
| description | The remote host is affected by the vulnerability described in GLSA-200904-07 (Xpdf: Untrusted search path) Erik Wallin reported that Gentoo |
| reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
| title | GLSA-200904-07 : Xpdf: Untrusted search path |