Gentoo Security Advisory GLSA 200507-29 (pstotext)

The remote host is missing updates announced in advisory GLSA 200507-29. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Debian Security Advisory DSA 792-1 (pstotext)

The remote host is missing an update to pstotext announced via advisory DSA 792-1. Max Vozeler discovered that pstotext, a utility to extract text from PostScript and PDF files, did not execute ghostscript with the -dSAFER argument, which prevents potential malicious operations to happen. For the...

Debian: Security Advisory (DSA-792-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1220-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1220-1 (pstotext)

The remote host is missing an update to pstotext announced via advisory DSA 1220-1. Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands. OpenVAS...

PSToText文件名处理shell命令执行漏洞

PSToText是一款从PostScript 和PDF档案中提取出文字的程序。 PSToText不正确处理文件名数据，远程攻击者可以利用漏洞以应用程序进程权限执行任意shell命令。 攻击者需要构建恶意文件名，诱使用户处理来触发，目前没有详细漏洞细节提供。 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Lin...

Debian DSA-1220-1 : pstotext - insecure file name quoting

Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

DSA-1220-1 pstotext

Bulletin has no description...

DSA-1220 pstotext

Bulletin has no description...

CVE-2006-5869

pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name...

CVE-2006-5869

pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name...

CVE-2006-5869

pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name...

CVE-2006-5869

Removed by vendor...

CVE-2006-5869

CVE-2006-5869 affects pstotext, a Postscript/PDF text extractor. The root cause is insufficient quoting of file names, enabling user-assisted arbitrary shell command execution via shell metacharacters in a file name. Debian DSA-1220-1 fixes this in pstotext 1.9-1sarge2 (Sarge) and 1.9-4 (Etch/Sid...

[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1220-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 26th, 2006 http://www.debian.org/security/faq -...

Debian DSA-792-1 : pstotext - missing input sanitising

Max Vozeler discovered that pstotext, a utility to extract text from PostScript and PDF files, did not execute ghostscript with the -dSAFER argument, which prevents potential malicious operations to happen. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

[SECURITY] [DSA 792-1] New pstotext packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 792-1 [email protected] http://www.debian.org/security/ Martin Schulze August 31st, 2005 http://www.debian.org/security/faq -...

DSA-792-1 pstotext - missing input sanitising

Bulletin has no description...

CVE-2005-2536

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file...

CVE-2005-2536

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file...