14 matches found
EUVD-2013-7117
Malware in sbrugna...
Yahoo!: Out-of-band read of arbitrary ASCII files on YQL backend servers via XML external parameter entities
The Yahoo Query Language YQL service allowed arbitrary XML documents to be loaded via the feednormalizer table and its prexslurl parameter. This enabled an attacker to exfiltrate data from the YQL backend servers by defining external parameter entities in the XML document that read local files. T...
Yahoo!: Read arbitrary ASCII files on YQL backend servers via XSLT unparsed-entity-uri() and parameter entities
Hacker discovered a vulnerability that allowed an unauthorized actor to read arbitrary ASCII files and list directories on the Yahoo Query Language YQL backend servers. This was achieved by leveraging the unparsed-entity-uri XSLT function and the dynamic declaration of unparsed XML entities when...
CVE-2013-7345
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...
CentOS 5 : enscript (CESA-2008:1016)
An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScriptR language files and spools the...
RHEL 5 : enscript (RHSA-2008:1016)
An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScriptR language files and spools the...
Moderate: Red Hat Security Advisory: enscript security update
An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScriptR language files and...
[SECURITY] Fedora 9 Update: enscript-1.6.4-10.fc9
GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScriptTM and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing...
CVE-2007-6595
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on 1 temporary files used by the cligentempfd function in libclamav/others.c or on 2 .ascii files used by sigtool, when utf16-decode is enabled...
CVE-2007-6595
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on 1 temporary files used by the cligentempfd function in libclamav/others.c or on 2 .ascii files used by sigtool, when utf16-decode is enabled...
DEBIAN-CVE-2007-6595
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on 1 temporary files used by the cligentempfd function in libclamav/others.c or on 2 .ascii files used by sigtool, when utf16-decode is enabled...
CVE-2007-6595
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on 1 temporary files used by the cligentempfd function in libclamav/others.c or on 2 .ascii files used by sigtool, when utf16-decode is enabled...
RHEL 2.1 / 3 : enscript (RHSA-2005:039)
An updated enscript package that fixes several security issues is now available. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. A...
GeoCel WindMail 3.0 - Remote File Read
GeoCel WindMail 3.0 - Remote File Read source: https://www.securityfocus.com/bid/1073/info WindMail is a command-line mailer that can be integrated with perl cgi applications to create form-mail capability for a website. WindMail 3.0 and possibly previous versions can be used to retrieve any asci...