CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2005-1228
https://notcve.org/view.php?id=CVE-2005-1228
22 Apr 2005 — Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2005-1111
https://notcve.org/view.php?id=CVE-2005-1111
16 Apr 2005 — Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1039
https://notcve.org/view.php?id=CVE-2005-1039
10 Apr 2005 — Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. • http://www.securityfocus.com/bid/13053 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0990
https://notcve.org/view.php?id=CVE-2005-0990
06 Apr 2005 — unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412 •
CVSS: 6.3EPSS: 1%CPEs: 104EXPL: 0CVE-2005-0988
https://notcve.org/view.php?id=CVE-2005-0988
06 Apr 2005 — Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 3CVE-2004-1488 – GNU Wget 1.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1488
15 Feb 2005 — wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. wget 1.8.x y 1.9.x no filtra o pone comillas a caractéres de control cuando se muestran respuestas HTTP en el terminal, lo que puede permitir a servidores web maliciosos inyectar secuencias de escape y ejecutar código de su elección. • https://www.exploit-db.com/exploits/24813 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 2CVE-2004-1487
https://notcve.org/view.php?id=CVE-2004-1487
15 Feb 2005 — wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. wget 1.8.x y 1.9.x permite a un servidor web remoto malicioso sobreescribir ciertos ficheros mediante una redirección URL conteniendo un ".." que se resuelve como la dirección IP de un usuario malicioso, lo que se salta el filtrado de wget de secuencias "..". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2005-0202
https://notcve.org/view.php?id=CVE-2005-0202
09 Feb 2005 — Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0100
https://notcve.org/view.php?id=CVE-2005-0100
07 Feb 2005 — Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. • http://marc.info/?l=bugtraq&m=110780416112719&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 59EXPL: 0CVE-2004-1184
https://notcve.org/view.php?id=CVE-2004-1184
21 Jan 2005 — The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html •