Vulnerability details: VCID-zctz-yts9-aaan
Vulnerability ID VCID-zctz-yts9-aaan
Aliases CVE-2010-2809
Summary The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-2809.html
epss 0.05397 https://api.first.org/data/v1/epss?cve=CVE-2010-2809
epss 0.05568 https://api.first.org/data/v1/epss?cve=CVE-2010-2809
epss 0.05768 https://api.first.org/data/v1/epss?cve=CVE-2010-2809
epss 0.07150 https://api.first.org/data/v1/epss?cve=CVE-2010-2809
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2809
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2010-2809
generic_textual Medium http://www.uzbl.org/news.php?id=29
Reference id Reference type URL
http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975
http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2
http://marc.info/?l=oss-security&m=128111493509265&w=2
http://marc.info/?l=oss-security&m=128111994317381&w=2
http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-2809.html
https://api.first.org/data/v1/epss?cve=CVE-2010-2809
https://bugzilla.redhat.com/show_bug.cgi?id=621964
https://bugzilla.redhat.com/show_bug.cgi?id=621965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2809
https://exchange.xforce.ibmcloud.com/vulnerabilities/61011
http://www.securityfocus.com/bid/42297
http://www.uzbl.org/bugs/index.php?do=details&task_id=240
http://www.uzbl.org/news.php?id=29
594301 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594301
cpe:2.3:a:uzbl:uzbl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uzbl:uzbl:*:*:*:*:*:*:*:*
cpe:2.3:a:uzbl:uzbl:2009.12.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uzbl:uzbl:2009.12.22:*:*:*:*:*:*:*
cpe:2.3:a:uzbl:uzbl:2010.01.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uzbl:uzbl:2010.01.04:*:*:*:*:*:*:*
CVE-2010-2809 https://nvd.nist.gov/vuln/detail/CVE-2010-2809
CVE-2010-2809;OSVDB-67308 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34426.txt
CVE-2010-2809;OSVDB-67308 Exploit https://www.securityfocus.com/bid/42297/info
GLSA-201412-08 https://security.gentoo.org/glsa/201412-08
Data source Exploit-DB
Date added Aug. 5, 2010
Description uzbl 'uzbl-core' - '@SELECTED_URI' Mouse Button Bindings Command Injection
Ransomware campaign use Known
Source publication date Aug. 5, 2010
Exploit type remote
Platform linux
Source update date Aug. 27, 2014
Source URL https://www.securityfocus.com/bid/42297/info
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-2809
Exploit Prediction Scoring System (EPSS)
Percentile 0.83172
EPSS Score 0.05397
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.