188 matches found
security flaw
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...
security flaw
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service application crash...
Low: Red Hat Security Advisory: enscript security update
An updated enscript package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret...
security flaw
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
GLSA-200502-03 : enscript: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200502-03 enscript: Multiple vulnerabilities Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows CAN-2004-1186, quotes and shell escape characters are insufficiently sanitized in filenames...
Mandrake Linux Security Advisory : enscript (MDKSA-2005:033)
A vulnerability in the enscript program's handling of the epsf command used to insert inline EPS file into a document was found. An attacker could create a carefully crafted ASCII file which would make used of the epsf pipe command in such a way that it could execute arbitrary commands if the fil...
Fedora Core 2 : enscript-1.6.1-25.3 (2005-091)
This update fixes a regression introduced by the last update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
enscript: Multiple vulnerabilities
Background enscript is a powerful ASCII to PostScript file converter. Description Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows CAN-2004-1186, quotes and shell escape characters are insufficiently sanitized in filenames CAN-2004-1185, and it supporte...
Fedora Core 3 : enscript-1.6.1-28.0.3 (2005-092)
This update fixes a regression introduced by the last update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
RHEL 2.1 / 3 : enscript (RHSA-2005:039)
An updated enscript package that fixes several security issues is now available. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. A...
security flaw
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
security flaw
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service application crash...
security flaw
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...
Low: Red Hat Security Advisory: enscript security update
An updated enscript package that fixes several security issues is now available. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. A...
CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...
CVE-2004-1184
CVE-2004-1184 affects enscript (notably version 1.6.3) where EPSF pipe support accepts shell metacharacters, enabling arbitrary command execution by remote attackers or local users. Technical details across OpenVAS/Nessus entries confirm the vulnerability and its association with enscript; remedi...
CVE-2004-1186
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service application crash...
CVE-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
CVE-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
CVE-2004-1185
CVE-2004-1185 concerns the Unix filter program enscript with insufficient sanitization of filenames, enabling an attacker to execute arbitrary commands through crafted filenames. The initial description states that Enscript 1.6.3 can be exploited via unsanitised filenames to run arbitrary command...