SUSE CVE-2005-2929

Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via 1 lynxcgi:, 2 lynxexec, and 3 lynxprog links, which are not properly restricted in the default configuration in some environments...

SUSE CVE-2008-4690

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have define...

Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64

An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. CVE-2008-4690 Note: In these updated lynx...

GLSA-200909-15 : Lynx: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200909-15 Lynx: Arbitrary command execution Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using the advanced mode. Impact : A remote attacker can entice a user to...

Lynx: Arbitrary command execution

Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using th...

Mandriva Linux Security Advisory : lynx (MDVSA-2008:218)

A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode CVE-2008-4690. This update corrects these issues...

Mandriva Update for lynx MDVSA-2008:218 (lynx)

Check for the Version of lynx OpenVAS Vulnerability Test Mandriva Update for lynx MDVSA-2008:218 lynx Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CentOS Update for lynx CESA-2008:0965 centos3 x86_64

Check for the Version of lynx OpenVAS Vulnerability Test CentOS Update for lynx CESA-2008:0965 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CentOS Update for lynx CESA-2008:0965 centos3 i386

Check for the Version of lynx OpenVAS Vulnerability Test CentOS Update for lynx CESA-2008:0965 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Fedora 8 : lynx-2.8.6-12.fc8 (2008-9597)

Mon Nov 10 2008 Jiri Moskovcak - 2.8.6-12 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL thoger - Fri May 30 2008 Jiri Moskovcak - 2.8.6-11 - updated to latest upstream version 2.8.6rel5 - Resolves: 214205 - Wed Jan 9 2008 Jiri Moskovcak - 2.8.6-10 -...

lynx code execution

It's possible to execute code in Advanced Mode by redirecting to lynxcgi: URI...

lynx: remote arbitrary command execution via a crafted lynxcgi: URL

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have define...

CVE-2008-4690

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have define...

CVE-2008-4690

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have define...

CVE-2008-4690

CVE-2008-4690 affects Lynx 2.8.6dev.15 and earlier when Advanced mode is enabled and Lynx is configured as a URL handler. A crafted lynxcgi: URL can allow remote attackers to execute arbitrary commands. The connected Nessus/Gentoo/OpenVAS advisories reference Lynx fixes and mitigations: patches w...

Fedora Core 4 : lynx-2.8.5-23.2 (2005-1079)

This update fixes CVE-2005-2929 lynxcgi: URLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

lynx arbitrary command execution

Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via 1 lynxcgi:, 2 lynxexec, and 3 lynxprog links, which are not properly restricted in the default configuration in some environments...