2744 matches found
CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
Design/Logic Flaw
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
UBUNTU-CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
CVE-2014-0466
CVE-2014-0466 affects the a2ps package. The underlying issue is in the fixps script: it does not invoke Ghostscript with the -dSAFER option, enabling a crafted PostScript file to trigger arbitrary commands or delete files. Documented impact across multiple distros states remote attackers could ex...
CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
Debian DSA-2892-1 : a2ps - security update
Several vulnerabilities have been found in a2ps, an 'Anything to PostScript' converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2001-1593 The spyuser function which is called when a2ps is invoked with the --debug flag insecurel...
Debian Security Advisory DSA 2892-1 (a2ps - security update)
Several vulnerabilities have been found in a2ps, an Anything to PostScript converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2001-1593 The spyuser function which is called when a2ps is invoked with the --debug flag insecurely use...
DSA-2892-1 a2ps - security update
Bulletin has no description...
Printer Job Language Abuse Tool
!/usr/bin/python2 """ printit.py - sends postscript files to printers. Never pay extortionate prices for printing again! Author: Darren "infodox" Martyn Twitter: @infodox Licence: WTFPL - wtfpl.net Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku Version: 20140109.1 Changes: Added ReadyMessage...
UBUNTU-CVE-2013-5653
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...
PT-2018-13778 · Artifex +3 · Ghostscript +3
Name of the Vulnerable Software and Affected Versions: ghostscript version 9.07 Description: An issue was discovered where a previous fix did not fully address the problem, allowing an attacker to potentially exploit a variant of the flaw. This could enable the bypassing of the -dSAFER protection...
Debian Security Advisory DSA 2595-1 (ghostscript - integer overflow)
Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb25951.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2595-1 using nvtgen 1.0 Script version: 1.0...
Amazon Linux AMI : ghostscript (ALAS-2012-42)
An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. CVE-2009-3743 It was found that Ghostscript alwa...
Fedora Update for autotrace FEDORA-2013-11904
Check for the Version of autotrace OpenVAS Vulnerability Test Fedora Update for autotrace FEDORA-2013-11904 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
HP LaserJet Pro /dev/save_restore.xml Administrative Password Disclosure
The remote HP LaserJet Pro printer is affected by an information disclosure vulnerability. The file '/dev/saverestore.xml' contains a hexadecimal representation of the administrative password. This information can be used by an attacker in further attacks. %NASLMINLEVEL 70300 C Tenable Network...
Oracle Linux 5 / 6 : ghostscript (ELSA-2012-0095)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0095 advisory. - Applied upstream fix to last patch CVE-2010-4054, bug 646086. - Applied patch to prevent null pointer dereference CVE-2010-4054, bug 646086. -...
Oracle Linux 3 : tetex (ELSA-2010-0401)
From Red Hat Security Advisory 2010:0401 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...