Computer Security
[EN] securityvulns.ru no-pyccku


python-PGP code execution
Published:14.06.2014
Source:
SecurityVulns ID:13837
Type:library
Threat Level:
5/10
Description:Shell injections.
Affected:PYTHON : python-gnupg 2.3
CVE:CVE-2013-7329 (The CGI::Application module 4.50 and earlier for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.)
 CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.)
 CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.)
 CVE-2013-7323 (python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2946-1] python-gnupg security update (14.06.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod