526 matches found
Yaws 1.55 - Logs Terminal Escape Sequence Command Injection
Yaws 1.55 - Logs Terminal Escape Sequence Command Injection source: https://www.securityfocus.com/bid/37716/info Yaws is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary comman...
Nginx 0.7.64 - Terminal Escape Sequence in Logs Command Injection
source: https://www.securityfocus.com/bid/37711/info The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx...
Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection
source: https://www.securityfocus.com/bid/37710/info Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. Versions prior to the following a...
Cherokee 0.99.30 - Terminal Escape Sequence in Logs Command Injection
source: https://www.securityfocus.com/bid/37715/info Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and prior are...
AOLServer Terminal 4.5.1 - Escape Sequence in Logs Command Injection
source: https://www.securityfocus.com/bid/37712/info AOLServer is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. AOLServer 4.5.1 is vulnerable; other...
FreeBSD : hafiye -- lack of terminal escape sequence filtering (027380b7-3404-11d9-ac1b-000d614f7fad)
A siyahsapka.org advisory reads : Hafiye-1.0 doesnt filter the payload when printing it to the terminal. A malicious attacker can send packets with escape sequence payloads to exploit this vulnerability. If Hafiye has been started with -n packet count option , the vulnerability could allow remote...
Fedora 10 : xterm-238-1.fc10 (2009-0091)
This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related...
Mandriva Linux Security Advisory : xterm (MDVSA-2009:005)
A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute...
Fedora 9 : xterm-238-1.fc9 (2009-0059)
This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related...
Mandrake Security Advisory MDVSA-2009:005 (xterm)
The remote host is missing an update to xterm announced via advisory MDVSA-2009:005. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
xterm: arbitrary command injection
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
RedHat Security Advisory RHSA-2009:0018
The remote host is missing updates announced in advisory RHSA-2009:0018. The xterm program is a terminal emulator for the X Window System. A flaw was found in the xterm handling of Device Control Request Status String DECRQSS escape sequences. An attacker could create a malicious text file or log...
CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
Crlf injection
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
CVE-2008-5078
Multiple buffer overflows in the 1 recognizeepsfile function src/psgen.c and 2 tildesubst function src/util.c in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename...
Buffer overflow
Multiple buffer overflows in the 1 recognizeepsfile function src/psgen.c and 2 tildesubst function src/util.c in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename...
CVE-2008-5078
Multiple buffer overflows in the 1 recognizeepsfile function src/psgen.c and 2 tildesubst function src/util.c in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename...
enscript: "font" special escape buffer overflows
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence...