Lucene search
K

4 matches found

CVE
CVE
added 2009/03/05 2:0 a.m.120 views

CVE-2009-0037

CVE-2009-0037 affects curl/libcurl 5.11–7.19.3 when CURLOPT_FOLLOWLOCATION is enabled. The redirect code accepts arbitrary Location values, allowing: (1) triggering requests to intranet servers, (2) reading/writing files via file: URLs, and (3) executing commands via scp: URLs. Affected platforms...

6.8CVSS7.8AI score0.07812EPSS
CVE
CVE
added 2005/10/13 4:0 a.m.107 views

CVE-2005-3185

CVE-2005-3185 describes a stack-based buffer overflow in the ntlm_output function of http-ntlm.c within wget 1.10, curl 7.13.2, and libcurl 7.13.2 (and other libcurl-using products) when NTLM authentication is enabled. The vulnerability is triggered by a long NTLM username and can allow remote co...

7.5CVSS7.7AI score0.05188EPSS
CVE
CVE
added 2012/04/13 8:0 p.m.90 views

CVE-2012-0036

CVE-2012-0036 affects curl/libcurl 7.2x prior to 7.24.0. The issue arises from not correctly handling special characters when extracting a URL pathname, enabling data-injection via crafted URLs and enabling CRLF injection in IMAP/POP3/SMTP paths. The CVSS metrics in the record show a Base score o...

7.5CVSS8.3AI score0.16723EPSS
CVE
CVE
added 2010/10/27 10:0 p.m.58 views

CVE-2010-3842

CVE-2010-3842 affects the curl command-line tool, specifically versions 7.20.0 through 7.21.1. The root cause is improper handling of backslashes as directory separators in the Content-Disposition header when using --remote-header-name (-J). This allows a remote server to cause the client to writ...

5.8CVSS7AI score0.017EPSS