Vulnerabilities > CVE-2006-5869 - Unspecified vulnerability in Pstotext 1.9

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
pstotext
nessus

Summary

pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.

Vulnerable Configurations

Part Description Count
Application
Pstotext
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-1220.NASL
descriptionBrian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands.
last seen2020-06-01
modified2020-06-02
plugin id23737
published2006-11-28
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/23737
titleDebian DSA-1220-1 : pstotext - insecure file name quoting