2 results (0.009 seconds)

CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 0

diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. El archivo diatheke.pl en SWORD Project Diatheke versión 1.5.9 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el parámetro range. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 http://secunia.com/advisories/25400 http://secunia.com/advisories/29012 http://secunia.com/advisories/29115 http://secunia.com/advisories/29181 http://security.gentoo.org/glsa/glsa-200803-06.xml http://www.debian.org/security/2008/dsa-1508 http://www.securityfocus.com/bid/27874 http://www.securityfocus.com/bid/27987 http://www.vupen.com/english/advisories/2008/0670/references https://bugzilla.redhat.com/show_bug&# • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. • http://secunia.com/advisories/13897 http://secunia.com/advisories/13941 http://securitytracker.com/id?1012955 http://www.debian.org/security/2005/dsa-650 http://www.securityfocus.com/bid/12320 https://exchange.xforce.ibmcloud.com/vulnerabilities/18997 •