FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8091fcea-f35e-11d8-81b0-000347a4fa7d	a2ps -- insecure command line argument handling Rudolf Polzer reports: a2ps builds a command line for file() containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps *.txt" in /tmp - is therefore dangerous. Discovery 2004-08-18 Entry 2004-10-20 Modified 2004-12-30 a2ps-a4 < 4.13b_2 a2ps-letter < 4.13b_2 a2ps-letterdj < 4.13b_2 CVE-2004-1170 ports/70618 11025 http://www.osvdb.org/9176 http://marc.theaimsgroup.com/?l=full-disclosure&m=109334851517137
9168253c-5a6d-11d9-a9e7-0001020eed82	a2ps -- insecure temporary file creation A Secunia Security Advisory reports that Javier FernÃ¡ndez-Sanguino PeÃ±a has found temporary file creation vulnerabilities in the fixps and psmandup scripts which are part of a2ps. These vulnerabilities could lead to an attacker overwriting arbitrary files with the credentials of the user running the vulnerable scripts. Discovery 2004-12-27 Entry 2004-12-30 Modified 2005-01-19 a2ps-a4 a2ps-letter a2ps-letterdj < 4.13b_3 CVE-2004-1377 12108 12109 http://secunia.com/advisories/13641/

VuXML ID

Description

8091fcea-f35e-11d8-81b0-000347a4fa7d

a2ps -- insecure command line argument handling

Rudolf Polzer reports:

a2ps builds a command line for file() containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps *.txt" in /tmp - is therefore dangerous.

Discovery 2004-08-18
Entry 2004-10-20
Modified 2004-12-30
a2ps-a4

< 4.13b_2

a2ps-letter

< 4.13b_2

a2ps-letterdj

< 4.13b_2

CVE-2004-1170
ports/70618
11025
http://www.osvdb.org/9176
http://marc.theaimsgroup.com/?l=full-disclosure&m=109334851517137

9168253c-5a6d-11d9-a9e7-0001020eed82

a2ps -- insecure temporary file creation

A Secunia Security Advisory reports that Javier FernÃ¡ndez-Sanguino PeÃ±a has found temporary file creation vulnerabilities in the fixps and psmandup scripts which are part of a2ps. These vulnerabilities could lead to an attacker overwriting arbitrary files with the credentials of the user running the vulnerable scripts.

Discovery 2004-12-27
Entry 2004-12-30
Modified 2005-01-19
a2ps-a4
a2ps-letter
a2ps-letterdj

< 4.13b_3

CVE-2004-1377
12108
12109
http://secunia.com/advisories/13641/