[] NeoSense
E X P L O I T S
title author type platform port cve id

FVWM 2.4.17/2.5.8 - fvwm_make_browse_menu.sh Scripts Command Execution

Author: Dominik Vogt
type: local
platform: linux
port: 
date_added: 2004-03-19 
date_updated: 2013-01-03 
verified: 1 
codes: OSVDB-5442 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/9922/info

It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which application should be used to execute the file via its filename.

An attacker may be able to leverage this issue to cause arbitrary commands to be executed with the privileges of a victim user.

$ touch 'Exec xmessage "0wn3d"'
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.