Lucene search
K

9 matches found

OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.27 views

FreeBSD Ports: xli

The remote host is missing an update to the system as announced in the referenced advisory. VID 310d0087-0fde-4929-a41f-96f17c5adffe OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

7.5CVSS0.1AI score0.03603EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.32 views

FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)

Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...

7.5CVSS5.7AI score0.03603EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/05/19 12:0 a.m.23 views

Fedora Core 2 : xloadimage-4.1-34.FC2 (2005-236)

This update fixes CVE-2005-0638, a problem in the parsing of shell metacharacters in filenames. It also fixes bugs in handling of malformed TIFF and PBM/PNM/PPM issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...

7.5CVSS5.3AI score0.03603EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/04/19 12:0 a.m.27 views

RHEL 4 : xloadimage (RHSA-2005:332)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2005:332 advisory. The xloadimage utility displays images in an X Window System window, loads images into the root window, or writes images into a file. Xloadimage...

7.5CVSS5.8AI score0.03603EPSS
Exploits0References7
Cvelist
Cvelist
added 2005/03/04 5:0 a.m.19 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.1AI score0.03603EPSS
Exploits0References11
CVE
CVE
added 2005/03/04 5:0 a.m.68 views

CVE-2005-0638

CVE-2005-0638 affects xloadimage (and xli) where filenames are not properly quoted when invoking gunzip, allowing shell metacharacter injection and arbitrary command execution when a malformed filename is processed. The issue impacts xloadimage prior to version 4.1-r2 and xli prior to 1.17, acros...

7.5CVSS7.1AI score0.03603EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2005/03/04 5:0 a.m.23 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.5CVSS7.4AI score0.03603EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2005/03/02 5:0 a.m.25 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.5CVSS5.9AI score0.03603EPSS
Exploits0References1
NVD
NVD
added 2005/03/02 5:0 a.m.17 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.5CVSS7.2AI score0.03603EPSS
Exploits0References11
Rows per page
Query Builder