2801 matches found
Ghostscript 9.20 - Filename Command Execution Vulnerability
Exploit for windows platform in category local exploits + + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product:...
Ghostscript 9.20 Command Execution
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product: ================ Ghostscript 9.20 gs920w32.exe Windows 32...
Ghostscript 9.20 - Filename Command Execution
Ghostscript 9.20 - Filename Command Execution + + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product:...
Ghostscript 9.20 - 'Filename' Command Execution
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product: ================ Ghostscript 9.20 gs920w32.exe Windows 32...
Flaws Found in Popular Printer Models
Vulnerabilities in popular printer models made by HP, Dell and Lexmark expose the devices to attackers who can steal passwords, shut down printers and even steal print jobs. Academic researchers at the University Alliance Ruhr on Monday published a series of advisories and an informational wiki...
Hacking Printers Advisory 1
TL;DR: In the scope of academic research on printer security, various vulnerabilities in network printers and MFPs have been discovered. This is advisory 1 of 6 of the Hacking Printers' series. Each advisory discusses multiple issues of the same category. This post is about manipulating and...
Hacking Printers Advisory 2
TL;DR: In the scope of academic research on printer security, various vulnerabilities in network printers and MFPs have been discovered. This is advisory 2 of 6 of the Hacking Printers' series. Each advisory discusses multiple issues of the same category. This post is about accessing a printers...
[SECURITY] Fedora 24 Update: ghostscript-9.20-6.fc24
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...
[SECURITY] Fedora 25 Update: ghostscript-9.20-6.fc25
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...
a2ps: Arbitrary code execution
Background a2ps is an Any to PostScript filter. Description a2ps’ fixps script does not invoke gs with the -dSAFER option. Impact Remote attackers, by enticing a user to process a specially crafted PostScript file, could delete arbitrary files or execute arbitrary code with the privileges of the...
Amazon Linux AMI : ghostscript (ALAS-2017-784)
It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie...
Medium: ghostscript
Issue Overview: It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list...
Ghostscript 'psi/zht2.c' Null Pointer Reference Remote Code Execution Vulnerability
PostScript PS is a page description language and programming language used in the electronics industry and desktop publishing.Artifex Software Ghostscript is an open-source PostScript parser from Artifex Software that displays Postscript files and prints Postscript files on non-PostScript printer...
RHEL 7 : ghostscript (RHSA-2017:0013)
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Scientific Linux Security Update : ghostscript on SL6.x i386/x86_64 (20170104)
Security Fixes : - It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list...
RedHat Update for ghostscript RHSA-2017:0014-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ghostscript security update
CentOS Errata and Security Advisory CESA-2017:0013 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
ghostscript: reference leak in .setdevice allows use-after-free and remote code execution
It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process...
ghostscript: check for sufficient params in .sethalftone5
It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process...