CVSS: 8.8EPSS: 95%CPEs: 10EXPL: 7CVE-2016-4971 – GNU Wget < 1.18 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. GNU wget en versiones anteriores a 1.18 permite a servidores remotos escribir archivos arbitrarios redirigiendo una petición desde HTTP a una fuente FTP manipulada. It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution. • https://www.exploit-db.com/exploits/49815 https://www.exploit-db.com/exploits/40064 https://github.com/gitcollect/CVE-2016-4971 https://github.com/mbadanoiu/CVE-2016-4971 https://github.com/dinidhu96/IT19013756_-CVE-2016-4971- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1 http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html http://packetstormsecurity.com/files • CWE-73: External Control of File Name or Path •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2016-3706
https://notcve.org/view.php?id=CVE-2016-3706
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. Desbordamiento del buffer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (también conocida como glibc o libc6) permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con la conversión hostent. NOTA: esta vulnerabilidad existe debido a una reparación incompleta de CVE-2013-4458. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.securityfocus.com/bid/102073 http://www.securityfocus.com/bid/88440 https://source.android.com/security/bulletin/2017-12-01 https://sourceware.org/bugzilla/show_bug.cgi?id=20010 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-4429
https://notcve.org/view.php?id=CVE-2016-4429
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. Desbordamiento del buffer basado en pila en la función clntudp_call en sunrpc/clnt_udp.c en GNU C Library (también conocida como glibc o libc6) permite a atacantes remotos provocar una denegación del servicio (caída) o posiblemente tener otro impacto no especificado a través de una inundación de paquetes ICMP y UDP manipulados. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.securityfocus.com/bid/102073 https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html https://source.android.com/security/bulletin/2017-12-01 https://sourceware.org/bugzilla/show_bug.cgi?id=20112 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2016-1234 – Moxa Command Injection / Cross Site Scripting / Vulnerable Software
https://notcve.org/view.php?id=CVE-2016-1234
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. Desbordamiento de buffer basado en pila en la implementación glob en GNU C Library (también conocido como glibc) en versiones anteriores a 2.24, cuando es usado GLOB_ALTDIRFUNC, permite a atacantes dependientes de contexto provocar una denegación de servicio (caída) a través de un nombre largo. Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://seclists.org/fulldisclosure/2021/Sep/0 http://www.openwall.com/lists/oss-security/2016/03/07/16 http://www.securityfocus.com/bid/84204 https://lists.apache.org/thread.ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 23%CPEs: 9EXPL: 0CVE-2016-4008
https://notcve.org/view.php?id=CVE-2016-4008
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegación de servicio (recursión infinita) a través de un certificado manipulado. • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html http:/ • CWE-399: Resource Management Errors •