Lucene search
K

284 matches found

CERT
CERT
added 2014/10/28 12:0 a.m.36 views

GNU Wget creates arbitrary symbolic links during recursive FTP download

Overview GNU wget allows arbitrary filesystem access when creating symbolic links during a recursive FTP download. This allows an attacker to overwrite files with the permissions of the user running wget. Description CWE-59:CWE-59: Improper Link Resolution Before File Access 'Link Following' Wget...

9.3CVSS6.3AI score0.39883EPSS
Exploits4References7
OpenVAS
OpenVAS
added 2014/02/11 12:0 a.m.24 views

RedHat Update for wget RHSA-2014:0151-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.5AI score0.04214EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/02/11 12:0 a.m.33 views

RHEL 6 : wget (RHSA-2014:0151)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0151 advisory. The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the...

6.8CVSS7.2AI score0.04214EPSS
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2014/02/03 12:0 a.m.2 views

GNU Wget Arbitrary File Download

GNU Wget is a computer program that allows users to retrieve content from web servers. The program can be used by attackers to download arbitrary files via a specially crafted HTTP request...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.22 views

CentOS Update for wget CESA-2009:1549 centos4 i386

Check for the Version of wget OpenVAS Vulnerability Test CentOS Update for wget CESA-2009:1549 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

6.8CVSS5.9AI score0.03517EPSS
Exploits1References2
OSV
OSV
added 2010/07/06 5:17 p.m.9 views

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

7.1AI score
Exploits0References18
Cvelist
Cvelist
added 2010/07/06 2:0 p.m.23 views

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

7AI score0.04214EPSS
Exploits0References18
CVE
CVE
added 2010/07/06 2:0 p.m.150 views

CVE-2010-2252

CVE-2010-2252 affects GNU Wget 1.12 and earlier, where a 3xx redirect process can cause a server-provided filename to be used for destination files, potentially leading to arbitrary file writes or code execution via dotfiles in a home directory. Connected docs confirm affected package versions an...

6.8CVSS7.2AI score0.04214EPSS
Exploits0References18Affected Software1
Debian CVE
Debian CVE
added 2010/07/06 2:0 p.m.21 views

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

6.8CVSS5.1AI score0.04214EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2010/07/06 12:0 a.m.23 views

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

6.8CVSS7.1AI score0.04214EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2010/06/09 12:0 a.m.39 views

wget -- multiple HTTP client download filename vulnerability

GNU Wget version 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a...

6.8CVSS7.2AI score0.04214EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.37 views

Mandriva Security Advisory MDVSA-2009:206-1 (wget)

The remote host is missing an update to wget announced via advisory MDVSA-2009:206-1. OpenVAS Vulnerability Test $Id: mdksa20092061.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:206-1 wget Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

6.8CVSS0.6AI score0.05741EPSS
Exploits5
Fedora
Fedora
added 2009/12/03 4:56 a.m.37 views

[SECURITY] Fedora 11 Update: wget-1.12-2.fc11

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

6.8CVSS1AI score0.03517EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/11/11 12:0 a.m.18 views

RedHat Security Advisory RHSA-2009:1549

The remote host is missing updates announced in advisory RHSA-2009:1549. GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published null prefix attack, caused by incorrect handling of NULL characters in X.509...

6.8CVSS0.03517EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/11/11 12:0 a.m.15 views

RedHat Security Advisory RHSA-2009:1549

The remote host is missing updates announced in advisory RHSA-2009:1549. GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published null prefix attack, caused by incorrect handling of NULL characters in X.509...

6.8CVSS6AI score0.03517EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2009/11/03 8:0 p.m.29 views

Moderate: Red Hat Security Advisory: wget security update

An updated wget package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenbe...

6.8CVSS5.7AI score0.03517EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/10/27 12:0 a.m.30 views

GNU Wget SSL Certificate Security Bypass

Binary data 5212.prm...

6.8CVSS7.3AI score0.03517EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/10/27 12:0 a.m.26 views

GNU Wget SSL Certificate Security Bypass

Binary data 800981.prm...

6.8CVSS7.3AI score0.03517EPSS
Exploits1References2
OSV
OSV
added 2009/09/30 3:30 p.m.10 views

CVE-2009-3490

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issu...

5.6AI score
Exploits0References11
UbuntuCve
UbuntuCve
added 2009/09/30 3:30 p.m.27 views

CVE-2009-3490

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issu...

6.8CVSS7AI score0.03517EPSS
Exploits1References2
Rows per page
Query Builder