CVSS: 10.0EPSS: 1%CPEs: 176EXPL: 0CVE-2008-4690 – lynx: remote arbitrary command execution via a crafted lynxcgi: URL
https://notcve.org/view.php?id=CVE-2008-4690
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. lynx v2.8.6dev.15 y anteriores, cuando está activado el modo avanzado y lynx está configurado como manejador de URL, permite a atacantes remotos ejecutar comandos de su elección a través de un lynxcgi: URL manipulado. Cuestión relacionada con el CVE-2005-2929. NOTA: se trata de una vulnerabilidad únicamente en algunos desarrollos que tienen definido un lynxcgi: handler. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32416 http://secunia.com/advisories/32967 http://secunia.com/advisories/33568 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 http://www.mandriva.com/security/advisories?name=MDVSA-2008:218 http://www.openwall.com/lists/oss-security/2008/10/09/2 http://www.redhat.com/support/errata/RHSA-2008-0965.html http://www.securitytracker.com/id?1021105 https://exchang • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2005-2929 – lynx arbitrary command execution
https://notcve.org/view.php?id=CVE-2005-2929
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt http://secunia.com/advisories/17372 http://secunia.com/advisories/17512 http://secunia.com/advisories/17546 http://secunia.com/advisories/17556 http://secunia.com/advisories/17576 http://secunia.com/advisories/17666 http://secunia.com/advisories/17757 http://secunia.com/advisories/18051 http://secunia.com/advisories/18376 http • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 1CVE-2005-3120 – Lynx 2.8.6dev.13 - Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2005-3120
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. • https://www.exploit-db.com/exploits/1256 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17150 http://secunia.com/advisories/17216 http://secunia.com/advisories/17230 http://secunia.com/advisories/1723 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.0EPSS: 2%CPEs: 16EXPL: 1CVE-2004-1617
https://notcve.org/view.php?id=CVE-2004-1617
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value. • http://lcamtuf.coredump.cx/mangleme/gallery http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html http://marc.info/?l=bugtraq&m=109811406620511&w=2 http://secunia.com/advisories/20383 http://securitytracker.com/id?1011809 http://www.debian.org/security/2006/dsa-1076 http://www.debian.org/security/2006/dsa-1077 http://www.debian.org/security/2006/dsa-1085 http://www.securityfocus.com/archive/1/435689/30/4740/threaded http://www.securityfocus.com/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 4%CPEs: 9EXPL: 1CVE-2002-1405 – Lynx 2.8.x - Command Line URL CRLF Injection
https://notcve.org/view.php?id=CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. Vulnerabilidad de inyección de CRLF en Lynx 2.8.4 y anteriores permite a atacantes remotos inyectar cabeceras HTTP falsas en una petición http provista en la linea de comandos, mediante una URL conteniendo un retorno de carro codificado, salto de línea, y otros caractéres espacio en blanco. • https://www.exploit-db.com/exploits/21722 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt http://marc.info/?l=bugtraq&m=102978118411977&w=2 http://marc.info/?l=bugtraq&m=103003793418021&w=2 http://www.debian.org/security/2002/dsa-210 http://www.iss.net/security_center/static/9887.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023 http://www.redhat.com/support/errata/RHSA-2003-029.html http://www.redhat.com/support/errata&#x •