7 results (0.015 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-38165 – lynx: Disclosure of HTTP authentication credentials via SNI data

https://notcve.org/view.php?id=CVE-2021-38165

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. HTParse en Lynx versiones hasta 2.8.9, maneja inapropiadamente el subcomponente userinfo de un URI, que permite a atacantes remotos descubrir credenciales en texto sin cifrar porque pueden aparecer en los datos SNI o en los encabezados HTTP A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication (SNI) TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication credentials to attackers able to eavesdrop on network connection between the lynx browser and the server. • http://www.openwall.com/lists/oss-security/2021/08/07/11 http://www.openwall.com/lists/oss-security/2021/08/07/12 http://www.openwall.com/lists/oss-security/2021/08/07/9 https://bugs.debian.org/991971 https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118 https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW • CWE-522: Insufficiently Protected Credentials •

CVSS: 4.6EPSS: 0%CPEs: 179EXPL: 1

CVE-2006-7234 – Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution

https://notcve.org/view.php?id=CVE-2006-7234

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Lynx anterior a 2.8.6rel.4; permite a usuarios locales ejecutar código de su elección a través de los ficheros maliciosos (1) .mailcap y (2) mime.types en el directorio de trabajo actual. • https://www.exploit-db.com/exploits/32530 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32407 http://secunia.com/advisories/32416 http://secunia.com/advisories/33568 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 http://www.openwall.com/lists/oss-security/2008/10/25/3 http://www.redhat.com/support/errata/RHSA-2008-0965.html http://www.sec •

CVSS: 10.0EPSS: 1%CPEs: 176EXPL: 0

CVE-2008-4690 – lynx: remote arbitrary command execution via a crafted lynxcgi: URL

https://notcve.org/view.php?id=CVE-2008-4690

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. lynx v2.8.6dev.15 y anteriores, cuando está activado el modo avanzado y lynx está configurado como manejador de URL, permite a atacantes remotos ejecutar comandos de su elección a través de un lynxcgi: URL manipulado. Cuestión relacionada con el CVE-2005-2929. NOTA: se trata de una vulnerabilidad únicamente en algunos desarrollos que tienen definido un lynxcgi: handler. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32416 http://secunia.com/advisories/32967 http://secunia.com/advisories/33568 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 http://www.mandriva.com/security/advisories?name=MDVSA-2008:218 http://www.openwall.com/lists/oss-security/2008/10/09/2 http://www.redhat.com/support/errata/RHSA-2008-0965.html http://www.securitytracker.com/id?1021105 https://exchang • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

CVE-2005-2929 – lynx arbitrary command execution

https://notcve.org/view.php?id=CVE-2005-2929

Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt http://secunia.com/advisories/17372 http://secunia.com/advisories/17512 http://secunia.com/advisories/17546 http://secunia.com/advisories/17556 http://secunia.com/advisories/17576 http://secunia.com/advisories/17666 http://secunia.com/advisories/17757 http://secunia.com/advisories/18051 http://secunia.com/advisories/18376 http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 1

CVE-2005-3120 – Lynx 2.8.6dev.13 - Remote Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2005-3120

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. • https://www.exploit-db.com/exploits/1256 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17150 http://secunia.com/advisories/17216 http://secunia.com/advisories/17230 http://secunia.com/advisories/1723 • CWE-131: Incorrect Calculation of Buffer Size •