CVE-2004-1488 – GNU Wget 1.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1488
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. wget 1.8.x y 1.9.x no filtra o pone comillas a caractéres de control cuando se muestran respuestas HTTP en el terminal, lo que puede permitir a servidores web maliciosos inyectar secuencias de escape y ejecutar código de su elección. • https://www.exploit-db.com/exploits/24813 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 http://marc.info/?l=bugtraq&m=110269474112384&w=2 http://secunia.com/advisories/20960 http://securitytracker.com/id?1012472 http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.redhat.com/support/errata/RHSA-2005-771.html http://www.securityfocus.com/bid/11871 https://exchange.xforce.ibmcloud.com/vulnerabilities/18421 https://oval.cisecurity.org/repository •
CVE-2004-2014 – WGet 1.x - Insecure File Creation Race Condition
https://notcve.org/view.php?id=CVE-2004-2014
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. • https://www.exploit-db.com/exploits/24123 http://marc.info/?l=bugtraq&m=108481268725276&w=2 http://marc.info/?l=wget&m=108482747906833&w=2 http://marc.info/?l=wget&m=108483270227139&w=2 http://secunia.com/advisories/17399 http://www.mandriva.com/security/advisories?name=MDKSA-2005:204 http://www.redhat.com/support/errata/RHSA-2005-771.html http://www.securityfocus.com/bid/10361 https://exchange.xforce.ibmcloud.com/vulnerabilities/16167 https://oval.cisecurity.org/ •