Gentoo Linux Security Advisory GLSA 200803-06 - Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the range parameter before processing it. Versions earlier than 1.5.8-r2 are affected.
c8bc2b7e6619ade75968c68eb7676dcec993436979f74be22a3a2823efe67858
Debian Security Advisory 1508-1 - Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user.
bb11c3a3ef0a07cb04f25dbc195232a76773ead10aa5bf786069d5aeac14a102