[SECURITY] [DSA 1508-1] New diatheke packages fix arbirary shell command execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1508-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 25, 2008 http://www.debian.org/security/faq -...

Debian DSA-1508-1 : diatheke - insufficient input sanitising

Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...