CVE-2008-0932
https://notcve.org/view.php?id=CVE-2008-0932
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. El archivo diatheke.pl en SWORD Project Diatheke versión 1.5.9 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el parámetro range. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 http://secunia.com/advisories/25400 http://secunia.com/advisories/29012 http://secunia.com/advisories/29115 http://secunia.com/advisories/29181 http://security.gentoo.org/glsa/glsa-200803-06.xml http://www.debian.org/security/2008/dsa-1508 http://www.securityfocus.com/bid/27874 http://www.securityfocus.com/bid/27987 http://www.vupen.com/english/advisories/2008/0670/references https://bugzilla.redhat.com/show_bug • CWE-20: Improper Input Validation •
CVE-2005-0015
https://notcve.org/view.php?id=CVE-2005-0015
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. • http://secunia.com/advisories/13897 http://secunia.com/advisories/13941 http://securitytracker.com/id?1012955 http://www.debian.org/security/2005/dsa-650 http://www.securityfocus.com/bid/12320 https://exchange.xforce.ibmcloud.com/vulnerabilities/18997 •