Page 4 of 20 results (0.026 seconds)

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 2

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. wget 1.8.x y 1.9.x permite a un servidor web remoto malicioso sobreescribir ciertos ficheros mediante una redirección URL conteniendo un ".." que se resuelve como la dirección IP de un usuario malicioso, lo que se salta el filtrado de wget de secuencias "..". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 http://marc.info/?l=bugtraq&m=110269474112384&w=2 http://securitytracker.com/id?1012472 http://www.redhat.com/support/errata/RHSA-2005-771.html http://www.securityfocus.com/bid/11871 https://exchange.xforce.ibmcloud.com/vulnerabilities/18420 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682 https://usn.ubuntu.com/145-1 https://access.redhat.com/security/cve/CVE-2004-1487 https: •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 3

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. wget 1.8.x y 1.9.x no filtra o pone comillas a caractéres de control cuando se muestran respuestas HTTP en el terminal, lo que puede permitir a servidores web maliciosos inyectar secuencias de escape y ejecutar código de su elección. • https://www.exploit-db.com/exploits/24813 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 http://marc.info/?l=bugtraq&m=110269474112384&w=2 http://secunia.com/advisories/20960 http://securitytracker.com/id?1012472 http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.redhat.com/support/errata/RHSA-2005-771.html http://www.securityfocus.com/bid/11871 https://exchange.xforce.ibmcloud.com/vulnerabilities/18421 https://oval.cisecurity.org/repository&# •

CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 2

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. • https://www.exploit-db.com/exploits/24123 http://marc.info/?l=bugtraq&m=108481268725276&w=2 http://marc.info/?l=wget&m=108482747906833&w=2 http://marc.info/?l=wget&m=108483270227139&w=2 http://secunia.com/advisories/17399 http://www.mandriva.com/security/advisories?name=MDKSA-2005:204 http://www.redhat.com/support/errata/RHSA-2005-771.html http://www.securityfocus.com/bid/10361 https://exchange.xforce.ibmcloud.com/vulnerabilities/16167 https://oval.cisecurity.org/ •

CVSS: 5.0EPSS: 8%CPEs: 8EXPL: 0

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. Vulnerabilidad de atravesamiento de directorios en wget anteriores a 1.8.2-4 permite a servidores FTP remotos la creación o sobreescritura de ficheros como usuario wget mediante nombres de ficheros que contengan: direccionamiento absoluto secuencias .. (punto punto) • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552 http://marc.info/?l=bugtraq&m=103962838628940&w=2 http://marc.info/?l=bugtraq&m=104033016703851&w=2 http://www.ciac.org/ciac/bulletins/n-022.shtml http://www.iss.net/security_center/static/10820.php http://w •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0402 •