811 matches found
DEBIAN-CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...
CVE-2003-0071
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop...
gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences
Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...
Terminal Emulator Security Issues
TERMINAL EMULATOR SECURITY ISSUES Copyright © 2003 Digital Defense Incorporated All Rights Reserved Table of Contents -- Summary -- Disclaimer -- Escape Sequences -- Remote Exploitation -- Screen Dumping -- Window Title Reporting -- Miscellaneous Issues -- Terminal Defense -- Tested Emulator...
Multiple terminal emulators problems
By inserting secape sequences into terminal session via log files, e-mail, etc it's possible to force client into performing a set of operation, like sending control command to server, create a file, etc...
Apache Httpd < 1.3.31 : Error log escape filtering
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.0.46 : Filtered escape sequences
Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 1.3.26 : Filtered escape sequences
Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.0.49 : Error log escape filtering
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
CVE-1999-1273
Squid Internet Object Cache 1.1.20 allows users to bypass access control lists ACLs by encoding the URL with hexadecimal escape sequences...
CVE-1999-1273
Squid Internet Object Cache 1.1.20 allows users to bypass access control lists ACLs by encoding the URL with hexadecimal escape sequences...