MiracleLinux 3 : lftp-3.7.11-4AXS3 (AXSA:2009-390:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-390:01 advisory. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in...

Linux Distros Unpatched Vulnerability : CVE-2007-2348

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands vi...

Oracle Linux 5 : lftp (ELSA-2009-1278)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1278 advisory. - Resolves: 239334 solves CVE-2007-2348 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

Oracle: Security Advisory (ELSA-2009-1278)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : lftp on SL5.x i386/x86_64

CVE-2007-2348 lftp mirror --script does not escape names and targets of symbolic links It was discovered that lftp did not properly escape shell metacharacters when generating shell scripts using the 'mirror --script' command. A mirroring script generated to download files from a malicious FTP...

CentOS 5 : lftp (CESA-2009:1278)

An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Lik...

CentOS Security Advisory CESA-2009:1278 (lftp)

The remote host is missing updates to lftp announced in advisory CESA-2009:1278. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

lftp security update

CentOS Errata and Security Advisory CESA-2009:1278 An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. LFTP is a sophisticated file...

lftp security and bug fix update

3.7.11-4 - Resolves: 461922 - lftp 'help mirror' does not display all options defined in manpage 3.7.11-3 - Resolves: 504594 - Alias ''edit' has multiple flaws 3.7.11-2 - Resolves: 504591 - Problems with spaces in file names over HTTP - Resolves: 504594 - Alias ''edit' has multiple flaws 3.7.11-1...

Low: Red Hat Security Advisory: lftp security and bug fix update

An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Lik...

CVE-2007-2348

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...

CVE-2007-2348

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...

CVE-2007-2348

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...

CVE-2007-2348

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...

CVE-2007-2348

CVE-2007-2348 affects lftp versions prior to 3.5.9, where the command prefix mirror --script does not properly quote shell metacharacters. This can allow a remote attacker controlling a malicious FTP server to run arbitrary commands via a crafted script. Several connected advisories note that upd...

CVE-2007-2348

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...