CVE-2008-7224 – elinks: entity_cache static array buffer overflow (off-by-one)
https://notcve.org/view.php?id=CVE-2008-7224
Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link. Desbordamiento de búfer en entity_cache de ELinks anterior a v0.11.4rc0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un enlace manipulado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347 http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html http://osvdb.org/41949 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126 https://access.redhat.com/security/cve/CVE-2008-7224 https://bugzilla.redhat.com/show_bug.cgi?id=523258 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •
CVE-2007-5034 – elinks reveals POST data to HTTPS proxy
https://notcve.org/view.php?id=CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. ELinks anterior a la versión 0.11.3, cuando envía una petición POST para un URL https, añade el cuerpo y cabeceras de contenido de la petición POST a la petición CONNECT en texto plano, lo que permite a atacantes remotos recoger (sniff) datos sensible que deberían de haberse protegido con TLS. NOTA: esta vulnerabilidad sólo ocurre cuando el proxy está definido por https. • http://bugzilla.elinks.cz/show_bug.cgi?id=937 http://secunia.com/advisories/26936 http://secunia.com/advisories/26949 http://secunia.com/advisories/26956 http://secunia.com/advisories/27038 http://secunia.com/advisories/27062 http://secunia.com/advisories/27125 http://secunia.com/advisories/27132 http://www.debian.org/security/2007/dsa-1380 http://www.redhat.com/support/errata/RHSA-2007-0933.html http://www.securityfocus.com/archive/1/481606/100/0/threaded http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-5925 – Links_ ELinks 'smbclient' - Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-5925
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. Los navegadores web Links 1.00pre12 y Elinks 0.9.2 con smbclient instalado permite a atacantes remotos ejecutar código arbitrario a través de metacaracteres del shell en un smb:// URI, como se ha demostrado mediante el uso de las sentencias PUT y GET. • https://www.exploit-db.com/exploits/29033 https://www.exploit-db.com/exploits/2784 http://bugzilla.elinks.cz/show_bug.cgi?id=841 http://marc.info/?l=full-disclosure&m=116355556512780&w=2 http://secunia.com/advisories/22905 http://secunia.com/advisories/22920 http://secunia.com/advisories/22923 http://secunia.com/advisories/23022 http://secunia.com/advisories/23132 http://secunia.com/advisories/23188 http://secunia.com/advisories/23234 http://secunia.com/advisories •