904 matches found

Tenable Nessus
added 2016/01/14 12:0 a.m., 22 views

Debian DSA-3445-1 : pygments - security update

Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

CVSS 9.3 | AI score 8.6 | EPSS 0.07449
Exploits: 0 | References: 5
Debian
added 2016/01/13 10:13 p.m., 29 views

[SECURITY] [DSA 3445-1] pygments security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3445-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2016 https://www.debian.org/security/faq -...

CVSS 9.3 | AI score 9.2 | EPSS 0.07449
Exploits: 0
Debian
added 2016/01/13 10:13 p.m., 24 views

[SECURITY] [DSA 3445-1] pygments security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3445-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2016 https://www.debian.org/security/faq -...

CVSS 9.3 | AI score 3 | EPSS 0.07449
Exploits: 0
OSV
added 2016/01/13 12:0 a.m., 20 views

DSA-3445-1 pygments - security update

Bulletin has no description...

CVSS 9.3 | AI score 8.9 | EPSS 0.07449
Exploits: 0
OpenVAS
added 2016/01/13 12:0 a.m., 14 views

Debian Security Advisory DSA 3445-1 (pygments - security update)

Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. OpenVAS Vulnerability Test $Id: deb3445.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generat...

CVSS 9.3 | AI score 1.2 | EPSS 0.07449
Exploits: 0 | References: 1
OpenVAS
added 2016/01/12 12:0 a.m., 14 views

Debian: Security Advisory (DSA-3445-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 9.2 | EPSS 0.07449
Exploits: 0 | References: 3
Tenable Nessus
added 2016/01/11 12:0 a.m., 29 views

FreeBSD : pygments -- shell injection vulnerability (5f276780-b6ce-11e5-9731-5453ed2e2b49)

NVD reports: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

CVSS 9.3 | AI score 8.2 | EPSS 0.07449
Exploits: 0 | References: 4
Tenable Nessus
added 2015/12/16 12:0 a.m., 22 views

Debian DLA-369-1 : pygments security update

It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version 1.3.1+dfsg-1+deb6u11. NOTE: Tenable Network Security has extracted the preceding description block...

CVSS 9.3 | AI score 8 | EPSS 0.07449
Exploits: 0 | References: 3
Debian
added 2015/12/15 6:25 p.m., 15 views

[SECURITY] [DLA 369-1] pygments security update

Package : pygments Version : 1.3.1+dfsg-1+deb6u11 CVE ID : CVE-2015-8557 Debian Bug : 802828 It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version...

CVSS 9.3 | AI score 9.2 | EPSS 0.07449
Exploits: 0
0day.today
added 2015/10/04 12:0 a.m., 21 views

Pygments FontManager._get_nix_font_path Shell Injection Vulnerability

Pygments FontManager._get_nix_font_path version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager._get_nix_font_path Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...

AI score 7.4
Exploits: 0
FreeBSD
added 2015/09/28 12:0 a.m., 27 views

pygments -- shell injection vulnerability

NVD reports: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS 9.3 | AI score 9 | EPSS 0.07449
Exploits: 0 | References: 2
securityvulns
added 2015/08/10 12:0 a.m., 47 views

FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch

FreeBSD-SA-15:18.bsdpatch Security Advisory The FreeBSD Project Topic: shell injection vulnerability in patch(1) Category: contrib Module: patch Announced: 2015-08-05 Credits: Martin Natano Affects: FreeBSD 10.x. Correcte...

CVSS 9.3 | AI score 8 | EPSS 0.04111
Exploits: 0
FreeBSD Advisory
added 2015/08/05 12:0 a.m., 17 views

FreeBSD-SA-15:18.bsdpatch

FreeBSD-SA-15:18.bsdpatch Security Advisory The FreeBSD Project Topic: shell injection vulnerability in patch(1) Category: contrib Module: patch Announced: 2015-08-05...

CVSS 9.3 | AI score 7.4 | EPSS 0.04111
Exploits: 0
FreeBSD
added 2015/08/05 12:0 a.m., 31 views

FreeBSD -- shell injection vulnerability in patch(1)

Problem Description: Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands. Impact: This issue could be exploited to execute arbitrary commands as the user invoking patch(1)...

CVSS 9.3 | AI score 7.9 | EPSS 0.04111
Exploits: 0
securityvulns
added 2015/08/03 12:0 a.m., 45 views

FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch

FreeBSD-SA-15:14.bsdpatch Security Advisory The FreeBSD Project Topic: shell injection vulnerability in patch(1) Category: contrib Module: patch Announced: 2015-07-28 Credit...

CVSS 9.3 | AI score 8.1 | EPSS 0.00878
Exploits: 0
FreeBSD Advisory
added 2015/07/28 12:0 a.m., 15 views

FreeBSD-SA-15:14.bsdpatch

FreeBSD-SA-15:14.bsdpatch Security Advisory The FreeBSD Project Topic: shell injection vulnerability in patch(1) Category: contrib Module: patch Announced: 2015-07-28...

CVSS 9.3 | AI score 7.4 | EPSS 0.00878
Exploits: 0
FreeBSD
added 2015/07/28 12:0 a.m., 26 views

FreeBSD -- shell injection vulnerability in patch(1)

Problem Description: Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to run commands in addition to the desired SCCS or RCS commands. Impact: This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against...

CVSS 9.3 | AI score 7.9 | EPSS 0.00878
Exploits: 0
Exploit DB
added 2015/07/13 12:0 a.m., 32 views

Accellion FTA - getStatus verify_oauth_token Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Accellion FTA getStatus verify_oauth_token Command Execution', 'Description' = %q This module exploits a metacharacter shell injection...

CVSS 9.8 | AI score 7.4 | EPSS 0.86696
Exploits11
Packet Storm
added 2015/07/13 12:0 a.m., 27 views

Accellion FTA getStatus verify_oauth_token Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Accellion FTA getStatus verify_oauth_token Command Execution', 'Description' = %q This module exploits a metacharacter shell injection...

CVSS 9.2 | AI score 0.3 | EPSS 0.86696
Exploits11
Tenable Nessus
added 2015/05/26 12:0 a.m., 9 views

FreeBSD : py-salt -- potential shell injection vulnerabilities (865863af-fb5e-11e4-8fda-002590263bf5)

Colton Myers reports: In order to fix potential shell injection vulnerabilities in salt modules, a change has been made to the various cmd module functions. These functions now default to python_shell=False, which means that the commands will not be sent to an actual shell. The largest side effec...

AI score 5.8
Exploits: 0 | References: 2