26 matches found
EUVD-2010-0034
Malware in sbrugna...
EUVD-2021-20180
Malware in sbrugna...
CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...
CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...
CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...
GHSA-JQ43-Q8MX-R7MQ SwiftTerm Code Injection vulnerability
Impact Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Credit These...
SUSE CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
CVE-2020-7694
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...
CVE-2020-8445
In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...
Design/Logic Flaw
In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...
[slackware-security] poppler (SSA:2013-233-03)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security poppler SSA:2013-233-03 New poppler packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
Apache Httpd < 2.0.65 : mod_rewrite log escape filtering
modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.2.25 : mod_rewrite log escape filtering
modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Code injection
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LSOPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename...
CVE-2010-0002
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LSOPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename...
CVE-2010-0002
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LSOPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename...
CVE-2010-0002
The Red Hat/Mandriva family advisories confirm CVE-2010-0002 affects Mandriva’s Bash packages where /etc/profile.d/60alias.sh enables --show-control-chars in LS_OPTIONS, allowing local users to craft filenames that inject terminal escape sequences or hide files. Impact is local, with potential di...
Apache Error Log Escape Sequence Injection
The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. OpenVAS has determined the vulnerability exists only by...
Multiple Apple MacOS X vulnerabilities
NeST buffer overflow. Выполнение javascript in local context with Help Viewer, insufficient input balidation in URL Protocol Messaging, insufficient input validation in x-man-path:, insufficient input validation in terminal emulators. Multiple bluetooth vulnerabilities. vpnd buffer overflow...
Mandrake Linux Security Advisory : rxvt (MDKSA-2003:034)
Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or ...