13 matches found
Mandriva Security Advisory MDVSA-2009:046-1 (dia)
The remote host is missing an update to dia announced via advisory MDVSA-2009:046-1. OpenVAS Vulnerability Test $Id: mdksa20090461.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:046-1 dia Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Mandriva Linux Security Advisory : dia (MDVSA-2009:046-1)
Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory CVE-2008-5984. This update...
Dia Python插件使用不安全搜索路径漏洞
BUGTRAQ ID: 33448 CVECAN ID: CVE-2008-5984 Dia是开放源码的流程图软件。 Dia的Python插件使用了不可信任的搜索路径,在调用PySysSetArgv时Python向sys.path附加了空字符串。如果dia工作目录中的python文件名称与python脚本试图导入的文件名相同的话,就会导致在用户系统中执行任意代码。 GNOME Dia 0.96.1 厂商补丁: GNOME ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mandriva.com/en/download/...
FreeBSD Ports: dia
The remote host is missing an update to the system as announced in the referenced advisory. VID 25eb365c-fd11-11dd-8424-c213de35965d OpenVAS Vulnerability Test $ Description: Auto generated from VID 25eb365c-fd11-11dd-8424-c213de35965d Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Mandrake Security Advisory MDVSA-2009:040 (dia)
The remote host is missing an update to dia announced via advisory MDVSA-2009:040. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
Mandrake Security Advisory MDVSA-2009:040 (dia)
The remote host is missing an update to dia announced via advisory MDVSA-2009:040. OpenVAS Vulnerability Test $Id: mdksa2009040.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:040 dia Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
FreeBSD Ports: dia
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Core 9 FEDORA-2009-1057 (dia)
The remote host is missing an update to dia announced via advisory FEDORA-2009-1057. OpenVAS Vulnerability Test $Id: fcore20091057.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1057 dia Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
CVE-2008-5984
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
CVE-2008-5984
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
CVE-2008-5984
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function CVE-2008-5983...
CVE-2008-5984
CVE-2008-5984 describes an untrusted search path vulnerability in the Python plugin used by Dia 0.96.1, enabling local users to run arbitrary code via a Trojan Python file in the current working directory. The underlying root cause is tied to PySys_SetArgv (CVE-2008-5983), which can prepend an em...
Fedora 9 : dia-0.96.1-7.fc9 (2009-1057)
Filter out untrusted python modules search path to remove the possibility to run arbitrary code on the user's system if there is a python file in dia's working directory named the same as one that dia's python scripts try to import. Note that Tenable Network Security has extracted the preceding...