CVE-2014-4877 – wget: FTP symlink arbitrary filesystem access
https://notcve.org/view.php?id=CVE-2014-4877
29 Oct 2014 — Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. • https://packetstorm.news/files/id/180741 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2010-2252 – wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]
https://notcve.org/view.php?id=CVE-2010-2252
06 Jul 2010 — GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. • http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html • CWE-20: Improper Input Validation
CVE-2009-3490 – wget: incorrect verification of SSL certificate with NUL in name
https://notcve.org/view.php?id=CVE-2009-3490
30 Sep 2009 — GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. • http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html • CWE-310: Cryptographic Issues
CVE-2006-6719 – wget 1.10.2 - Unchecked Boundary Condition Denial of Service
https://notcve.org/view.php?id=CVE-2006-6719
23 Dec 2006 — The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. • https://www.exploit-db.com/exploits/2947
CVE-2005-3185
https://notcve.org/view.php?id=CVE-2005-3185
13 Oct 2005 — Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-1488 – GNU Wget 1.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1488
15 Feb 2005 — wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. • https://www.exploit-db.com/exploits/24813
CVE-2004-1487
https://notcve.org/view.php?id=CVE-2004-1487
15 Feb 2005 — wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755
CVE-2004-2014 – WGet 1.x - Insecure File Creation Race Condition
https://notcve.org/view.php?id=CVE-2004-2014
31 Dec 2004 — Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. • https://www.exploit-db.com/exploits/24123
CVE-2002-1344
https://notcve.org/view.php?id=CVE-2002-1344
11 Dec 2002 — Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt
CVE-1999-0402
https://notcve.org/view.php?id=CVE-1999-0402
02 Jan 1999 — wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0402