Apache Httpd < 2.2.25 : mod_rewrite log escape filtering

modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 2.0.65 : mod_rewrite log escape filtering

modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

[SECURITY] Fedora 16 Update: android-tools-20130123git98d0789-1.fc16

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

CVE-2010-0002

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LSOPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename...

Code injection

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LSOPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename...

CVE-2010-0002

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LSOPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename...

CVE-2010-0002

The Red Hat/Mandriva family advisories confirm CVE-2010-0002 affects Mandriva’s Bash packages where /etc/profile.d/60alias.sh enables --show-control-chars in LS_OPTIONS, allowing local users to craft filenames that inject terminal escape sequences or hide files. Impact is local, with potential di...

Multiple X11 terminals: Local privilege escalation

Background Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 terminal emulators. Description Bernhard R. Link discovered that RXVT opens a terminal on :0 if the "-display" option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo...

Apache Error Log Escape Sequence Injection

The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. OpenVAS has determined the vulnerability exists only by...

Multiple Apple MacOS X vulnerabilities

NeST buffer overflow. Выполнение javascript in local context with Help Viewer, insufficient input balidation in URL Protocol Messaging, insufficient input validation in x-man-path:, insufficient input validation in terminal emulators. Multiple bluetooth vulnerabilities. vpnd buffer overflow...

Mandrake Linux Security Advisory : rxvt (MDKSA-2003:034)

Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or ...

security flaw

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

security flaw

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

security flaw

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerabilit...

DEBIAN-CVE-2003-0020

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

security flaw

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Multiple terminal emulators problems

By inserting secape sequences into terminal session via log files, e-mail, etc it's possible to force client into performing a set of operation, like sending control command to server, create a file, etc...

Apache Httpd < 1.3.31 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...