3 matches found
CVE-2005-0015
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
CVE-2005-0015
The CVE-2005-0015 issue concerns diatheke.pl in Sword 1.5.7a, where missing input sanitising enables remote attackers to execute arbitrary commands via shell metacharacters in a URL. Public sources (Debian DSA-650-1, OpenVAS DSAs) confirm a remote command-execution vulnerability in Sword’s CGI sc...
Debian DSA-650-1 : sword - missing input sanitising
Ulf Harnhammar discovered that due to missing input sanitising in diatheke, a CGI script for making and browsing a bible website, it is possible to execute arbitrary commands via a specially crafted URL. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks ...