4 matches found
lftp mirror --script does not escape names and targets of symbolic links
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...
Unfixed XSS vulnerability at catholicinformation.helpserve.com
Security researcher BackDoor submitted on 13/09/2007 a cross-site scripting (XSS) vulnerability affecting catholicinformation.helpserve.com, which at the time of submission ranked 4364 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
DEBIAN-CVE-2007-2348
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...
"mirror" directory traversal
mirror is a Perl script which is widely used for making a copy of a remote FTP site. It's included in FreeBSD packages. There are security holes which allow a remote FTP site to overwrite local files with the permissions of the user who uses mirror. When retrieving a directory listing, mirror doesn't chec...