CVE-2006-1865

Beagle <0.2.5 - Command Injection

Title source: llm

Description

Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.

References (10)

[Broken Link] http://lists.seifried.org/pipermail/security/2006-April/013163.html

[Third Party Advisory] http://scary.beasts.org/security/CESA-2006-002.html

[Broken Link, Vendor Advisory] http://secunia.com/advisories/19778

[Broken Link, Vendor Advisory] http://secunia.com/advisories/19781

[Broken Link, Vendor Advisory] http://secunia.com/advisories/19897

[Broken Link] http://www.novell.com/linux/security/advisories/2006_04_28.html

[Broken Link] http://www.osvdb.org/24938

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17611

[Issue Tracking] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26104

Scores

EPSS 0.0190

EPSS Percentile 83.0%

Classification

CWE

CWE-88

Status draft

Affected Products (1)

beagle_project/beagle < 0.2.5

Timeline

Published Apr 21, 2006

Tracked Since Feb 18, 2026