Gnut is a free, open-source, console-based Gnutella file-sharing client for Microsoft Windows and Linux systems. A problem exists with Gnut's web interface. Webfrontend allows users to perform searches, but when the results of a search are returned, the interface does not strip HTML tags from filenames. An attacker could exploit this issue by embedding script code in a filename, which may then be run locally on the user's system when the file turns up in a search. This issue may allow the attacker to gain unauthorized access to resources on the system of the Gnut user.
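The missing step is output handling of peer-supplied filenames before they are written into the results page. The following is an added example, not Gnut's own code: it encodes HTML metacharacters rather than stripping tags, and the names `html_escape` and `render_result_row`, the buffer sizes, and the row markup are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Gnut's code): HTML-escape `in` into `out`.
 * Returns the escaped length, or -1 if `out` is too small; on failure
 * `out` is emptied so a truncated entity is never emitted. */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;          /* default: copy byte unchanged */
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = strlen(rep);
        if (len >= outsz - used) {      /* keep room for the terminator */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + used, rep, len);
        used += len;
    }
    out[used] = '\0';
    return (int)used;
}

/* Hypothetical renderer: one search-result row with the peer-supplied
 * filename escaped. Returns 0 on success, -1 if anything does not fit. */
int render_result_row(const char *filename, char *row, size_t rowsz)
{
    char safe[512];
    if (html_escape(filename, safe, sizeof safe) < 0)
        return -1;                      /* drop the row, never truncate */
    int n = snprintf(row, rowsz, "<tr><td>%s</td></tr>\n", safe);
    return (n < 0 || (size_t)n >= rowsz) ? -1 : 0;
}

int main(void)
{
    char row[1024];
    /* Constructed filename, standing in for one reported by a remote peer. */
    if (render_result_row("<b>track</b> & \"notes\".mp3", row, sizeof row) == 0)
        fputs(row, stdout);
    return 0;
}
```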