CVE-2005-3120 – Lynx 2.8.6dev.13 - Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2005-3120
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. • https://www.exploit-db.com/exploits/1256 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17150 http://secunia.com/advisories/17216 http://secunia.com/advisories/17230 http://secunia.com/advisories/1723 • CWE-131: Incorrect Calculation of Buffer Size •
CVE-2004-1617
https://notcve.org/view.php?id=CVE-2004-1617
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value. • http://lcamtuf.coredump.cx/mangleme/gallery http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html http://marc.info/?l=bugtraq&m=109811406620511&w=2 http://secunia.com/advisories/20383 http://securitytracker.com/id?1011809 http://www.debian.org/security/2006/dsa-1076 http://www.debian.org/security/2006/dsa-1077 http://www.debian.org/security/2006/dsa-1085 http://www.securityfocus.com/archive/1/435689/30/4740/threaded http://www.securityfocus.com/ • CWE-20: Improper Input Validation •
CVE-2002-1405 – Lynx 2.8.x - Command Line URL CRLF Injection
https://notcve.org/view.php?id=CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. Vulnerabilidad de inyección de CRLF en Lynx 2.8.4 y anteriores permite a atacantes remotos inyectar cabeceras HTTP falsas en una petición http provista en la linea de comandos, mediante una URL conteniendo un retorno de carro codificado, salto de línea, y otros caractéres espacio en blanco. • https://www.exploit-db.com/exploits/21722 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt http://marc.info/?l=bugtraq&m=102978118411977&w=2 http://marc.info/?l=bugtraq&m=103003793418021&w=2 http://www.debian.org/security/2002/dsa-210 http://www.iss.net/security_center/static/9887.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023 http://www.redhat.com/support/errata/RHSA-2003-029.html http://www.redhat.com/support/errata •
CVE-2000-0209
https://notcve.org/view.php?id=CVE-2000-0209
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. • http://www.securityfocus.com/bid/1012 •
CVE-1999-1549
https://notcve.org/view.php?id=CVE-1999-1549
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. • http://marc.info/?l=bugtraq&m=94286509804526&w=2 http://www.securityfocus.com/bid/804 • CWE-346: Origin Validation Error •