4 matches found
CVE-2009-0037
CVE-2009-0037 affects curl/libcurl 5.11–7.19.3 when CURLOPT_FOLLOWLOCATION is enabled. The redirect code accepts arbitrary Location values, allowing: (1) triggering requests to intranet servers, (2) reading/writing files via file: URLs, and (3) executing commands via scp: URLs. Affected platforms...
CVE-2005-3185
CVE-2005-3185 describes a stack-based buffer overflow in the ntlm_output function of http-ntlm.c within wget 1.10, curl 7.13.2, and libcurl 7.13.2 (and other libcurl-using products) when NTLM authentication is enabled. The vulnerability is triggered by a long NTLM username and can allow remote co...
CVE-2012-0036
CVE-2012-0036 affects curl/libcurl 7.2x prior to 7.24.0. The issue arises from not correctly handling special characters when extracting a URL pathname, enabling data-injection via crafted URLs and enabling CRLF injection in IMAP/POP3/SMTP paths. The CVSS metrics in the record show a Base score o...
CVE-2010-3842
CVE-2010-3842 affects the curl command-line tool, specifically versions 7.20.0 through 7.21.1. The root cause is improper handling of backslashes as directory separators in the Content-Disposition header when using --remote-header-name (-J). This allows a remote server to cause the client to writ...