Lucene search
MitreCVELIST:CVE-2010-2251HistoryJul 06, 2010 - 2:00 p.m.
CVE-2010-2251
2010-07-0614:00:00
mitre
raw.githubusercontent.com
1
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Related
nessus
nessus
Debian DSA-2085-1 : lftp - missing input validation
2010-08-05 00:00:00
openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)
2010-06-23 00:00:00
Scientific Linux Security Update : lftp for SL 5
2012-08-01 00:00:00
openvas
openvas
Mandriva Update for lftp MDVSA-2010:128 (lftp)
2010-07-12 00:00:00
Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)
2010-04-29 00:00:00
CentOS Update for lftp CESA-2010:0585 centos5 i386
2011-08-09 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:128 ] lftp
2010-07-08 00:00:00
lftp file overwrite
2010-07-08 00:00:00
centos
centos
lftp security update
2010-08-03 00:39:46
oraclelinux
oraclelinux
lftp security update
2010-08-02 00:00:00
ubuntu
ubuntu
LFTP vulnerability
2010-09-07 00:00:00
cve
cve
CVE-2010-2251
2010-07-06 17:17:13
prion
prion
Command injection
2010-07-06 17:17:00
fedora
fedora
[SECURITY] Fedora 12 Update: lftp-4.0.8-1.fc12
2010-06-30 15:10:05
ubuntucve
ubuntucve
CVE-2010-2251
2010-07-06 00:00:00
redhat
redhat
(RHSA-2010:0585) Moderate: lftp security update
2010-08-02 00:00:00
freebsd
freebsd
lftp -- multiple HTTP client download filename vulnerability
2010-06-09 00:00:00
debiancve
debiancve
CVE-2010-2251
2010-07-06 17:17:13
debian
debian
[SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability
2010-08-03 17:44:53
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00