4 matches found
[SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1251-1 [email protected] http://www.debian.org/security/ Steve Kemp January 21, 2007 - ------------------------------------------------------------------------ Package : netrik Vulnerability :...
[Full-disclosure] [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1251-1 [email protected] http://www.debian.org/security/ Steve Kemp January 21, 2007 -...
DEBIAN-CVE-2006-6678
The edittextarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename...
CVE-2006-6678
Summary: CVE-2006-6678 affects netrik prior to 1.15.5 (noted fixes in 1.15.4-1sarge1 per Debian DSA-1251-1). The edit_textarea function in form-file.c does not properly sanitize temporary filenames when editing textarea fields, enabling an attacker to inject shell metacharacters in the filename t...