[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-4601Date: (C)2005-12-31   (M)2023-12-22


The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-16093
SECUNIA-18261
SECUNIA-18607
SECUNIA-18631
SECUNIA-18871
SECUNIA-19183
SECUNIA-19408
20060301-01-U
http://www.securityfocus.com/archive/1/452718/100/100/threaded
OSVDB-22121
SECUNIA-23090
SUNALERT-231321
SECUNIA-28800
ADV-2008-0412
DSA-957
MDKSA-2006:024
RHSA-2006:0178
SSA:2006-045-03
SUSE-SR:2006:006
USN-246-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238
https://issues.rpath.com/browse/RPL-389
imagemagick-filename-command-injection(23927)
oval:org.mitre.oval:def:10353

CPE    1
cpe:/a:imagemagick:imagemagick:6.2.4.5

© SecPod Technologies