130 matches found
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : xterm vulnerabilities (USN-703-1)
Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary...
Ubuntu USN-703-1 (xterm)
The remote host is missing an update to xterm announced via advisory USN-703-1. OpenVAS Vulnerability Test $Id: ubuntu7031.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7031.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-703-1 xterm Authors: Thomas Reinke...
USN-703-1: xterm vulnerabilities
Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary...
Security flaw in IBM Client Security Password Manager
Hello all, I recently found a security flaw in the design of the IBM Client Security Password Manager an application used to authenticate application forms using fingerprints. It came to my attention that the application only recognized my e-bank site and authed against it if i had just created a...
CVE-2003-1090
CVE-2003-1090 describes a buffer overflow in AbsoluteTelnet prior to 2.12 RC10, allowing remote attackers to execute arbitrary code via a long window title. Affected product: AbsoluteTelnet; vulnerable component: window title handling; root cause: memory corruption due to overflow. Impact: remote...
CVE-2003-0063
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the...
CVE-2003-0065
The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitra...
CVE-2003-0064
The CVE concerns dtterm and related terminals’ Window Title Reporting feature. An attacker can craft an escape sequence that places the current window title on the command line, and the user must press Enter for the command to execute, enabling arbitrary command execution on the vulnerable host. ...
CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...
CVE-2003-0066
The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to...
CVE-2003-0069
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...
CVE-2003-0064
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitra...
CVE-2003-0067
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...
CVE-2003-0070
CVE-2003-0070 affects VTE as used by gnome-terminal; the vte_sequence_handler_window_manipulation routine fails to sanitize certain escape sequences, allowing an attacker to modify the window title and inject it back into the command line, potentially enabling arbitrary command execution. This is...
CVE-2003-0065
CVE-2003-0065 concerns the uxterm terminal emulator window-title reporting vulnerability. A malicious escape sequence can modify the terminal window title and, when echoed back to the command line, enable attacker-controlled input to be executed by the user’s shell. The related literature documen...
CVE-2003-0066
The CVE-2003-0066 issue affects rxvt 2.7.8 and earlier. A vulnerable escape sequence allows an attacker to modify the window title and have that title re-enter the shell as a command, enabling arbitrary command execution when a user views a file containing the malicious sequence. The root cause i...
CVE-2003-0066
Removed by vendor...
CVE-2003-0068
The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker t...
CVE-2003-0077
The hanterm hanterm-xf terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
CVE-2003-0067
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...