83 matches found
SuSE9 Security Update : dhcpcd (YOU Patch Number 12696)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 %NASLMINLEVEL 70300 C...
isc-dhcp-client -- dhclient does not strip or escape shell meta-characters
ISC reports: ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client...
SuSE 11.1 Security Update : logwatch (SAT Patch Number 4236)
Shell meta characters in log file names could lead to execution of arbitrary code. CVE-2011-1018 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc...
Debian: Security Advisory (DSA-2182-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE9 Security Update : gnome-vfs2,gnome-vfs2-doc (YOU Patch Number 10010)
This update fixes the following security problems : - The VFS scripts contained in GNOME are vulnerable to attacks on temporary files as well as command execution via shell meta-characters. These bugs can be exploited by accessing a malformated archive file. CVE-2004-0494 - Insufficient checks wh...
Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...
USN-791-1: Moodle vulnerabilities
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...
Mandriva Update for hplip MDKSA-2007:201 (hplip)
Check for the Version of hplip OpenVAS Vulnerability Test Mandriva Update for hplip MDKSA-2007:201 hplip Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Ubuntu Update for xfce4-terminal vulnerability USN-497-1
Ubuntu Update for Linux kernel vulnerabilities USN-497-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4971.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for xfce4-terminal vulnerability USN-497-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-530-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-526-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 694-1 (xloadimage)
The remote host is missing an update to xloadimage announced via advisory DSA 694-1. OpenVAS Vulnerability Test $Id: deb6941.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 694-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
USN-530-1: hplip vulnerability
It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters. A local attacker could exploit this to execute arbitrary commands as the hplip user...
USN-526-1: debian-goodies vulnerability
Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart...
USN-497-1: xfce4-terminal vulnerability
Lasse Kärkkäinen discovered that the Xfce Terminal did not correctly escape shell meta-characters during "Open Link" actions. If a remote attacker tricked a user into opening a specially crafted URI, they could execute arbitrary commands with the user's privileges...
The Includer RCE Vulnerability
The Includer is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-200504-17 : XV: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200504-17 XV: Multiple vulnerabilities Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS Planetar...
Debian DSA-695-1 : xli - buffer overflow, input sanitising, integer overflow
Several vulnerabilities have been discovered in xli, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2001-0775 A buffer overflow in the decoder for FACES format images could be exploited by an attacker to execute arbitrary code...
Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflow
Several vulnerabilities have been discovered in xloadimage, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0638 Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw in the handling of compressed images,...
LHa: Multiple vulnerabilities
Background LHa is a console-based program for packing and unpacking LHarc archives. Description The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no...