FreeBSD Ports: newsgrab

The remote host is missing an update to the system as announced in the referenced advisory. VID 35f6093c-73c3-11d9-8a93-00065be4b5b6 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: newsgrab

The remote host is missing an update to the system as announced in the referenced advisory. VID cd7e260a-6bff-11d9-a5df-00065be4b5b6 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: newsgrab

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: newsgrab

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD : newsgrab -- insecure file and directory creation (cd7e260a-6bff-11d9-a5df-00065be4b5b6)

The newsgrab script uses insecure permissions during the creation of the local output directory and downloaded files. After a file is created, permissions on it are set using the mode value of the newsgroup posting. This can potentially be a problem when the mode is not restrictive enough. In...

FreeBSD : newsgrab -- directory traversal vulnerability (35f6093c-73c3-11d9-8a93-00065be4b5b6)

The newsgrab script creates files by using the names provided in the newsgroup messages in a perl open call. This is done without performing any security checks to prevent a directory traversal. A specially crafted newsgroup message could cause newsgrab to drop an attachment anywhere on the file...

CVE-2005-0153: newsgrab file names directory traversal

CVE-2005-0153 affects Newsgrab on UNIX. Versions prior to 0.5.0pre4 allow a remote attacker to perform a directory-traversal via crafted file names (containing ..), enabling overwriting arbitrary files on the system with the user’s privileges. The issue stems from improper validation of user-supp...

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

source: https://www.securityfocus.com/bid/12428/info Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported: Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently saniti...

CVE-2005-0154: newsgrab newsgrab.pl file information disclosure

The CVE-2005-0154 entry concerns Newsgrab 0.5.0pre4 (and related versions) with an insecure permissions vulnerability in the local output directory and downloaded files. The newsgrab.pl file sets the output directory permissions as world-readable, enabling a local attacker to view downloaded cont...

newsgrab -- directory traversal vulnerability

The newsgrab script creates files by using the names provided in the newsgroup messages in a perl open call. This is done without performing any security checks to prevent a directory traversal. A specially crafted newsgroup message could cause newsgrab to drop an attachment anywhere on the file...