9 matches found
Linux Distros Unpatched Vulnerability : CVE-2009-4494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibl...
Dangerzone Security Breach
Dangerzone is a software application. There are potentially dangerous PDF files, office documents, pictures and convert them into a secure PDF. Dangerzone 0.4.2 prior to the version of a security vulnerability, the vulnerability stems from the dangerzone-cli command to file cleanup container outp...
SUSE CVE-2009-4487
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
Improper input validation in Mort Bay Jetty
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters which might allow remote attackers to modify a window's title or possibly execute arbitrary commands or overwrite files via an HTTP request containing an escape sequence for a terminal emulator.
...
Ps-Tools - An Advanced Process Monitoring Toolkit For Offensive Operations
Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what is going to be the next step within an operation. Collecting and analysing data of running processes from compromised systems gives us a wealth of information and helps us to...
ruby WEBrick log escape sequence
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...
UBUNTU-CVE-2009-4494
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
UBUNTU-CVE-2009-4488
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendo...