30 matches found
EUVD-2026-24965
The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...
CVE-2026-35340 uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...
CVE-2026-35340 uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...
CVE-2026-35340
The CVE-2026-35340 issue affects the uutils coreutils chown and chgrp via the ChownExecutor. In recursive operations, the utilities return an exit code based solely on the last processed file; if earlier ownership/group changes failed due to permissions, they may still report success (0). This ca...
CVE-2026-35339
The CVE-2026-35339 entry concerns the recursive mode (-R) of uutils coreutils chmod. Affected component: chmod in uutils coreutils. Issue: exit codes are determined by the last file processed, allowing an exit code of 0 despite prior errors (e.g., Operation not permitted). Impact: scripts relying...
CVE-2026-35339
The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...
EUVD-2009-4378
Malware in sbrugna...
CLSA-2025-1757608663 rsync: Fix of CVE-2024-12087
CVE-2024-12087: fix a path traversal issue in --inc-recursive mode that let a malicious server escape the destination directory...
GNU Wget FTP Symlink Arbitrary Filesystem Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GNU Wget FTP Symlink Arbitrary Filesystem Access', 'Description' = %q This module exploits a vulnerability in Wget when used in recursive -r mode...
SUSE CVE-2009-4411
The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...
SUSE CVE-2016-7098
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open...
openssh: Improper validation of object names allows malicious server to overwrite files via scp client
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...
DEBIAN-CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...
GNU Wget < 1.18 - Access List Bypass / Race Condition Vulnerabilities
Exploit for multiple platform in category remote exploits ''' ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html - CVE-2016-709...
CVE-2016-7098
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open...
UBUNTU-CVE-2016-7098
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open...
Debian DSA-3062-1 : wget - security update
HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override...
DLA-82-1 wget - security update
Bulletin has no description...
DSA-3062-1 wget - security update
Bulletin has no description...