Wget Security Vulnerabilities and Issues — Wget CVE List

Lucene search

GnuWget

5 matches found

CVE•added 2002/12/18 5:0 a.m.•79 views

CVE-2002-1344

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

5CVSS6.2AI score0.00764EPSS

CVE•added 2005/04/27 4:0 a.m.•70 views

CVE-2004-1487

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

5CVSS6.2AI score0.0069EPSS

CVE•added 2005/04/27 4:0 a.m.•64 views

CVE-2004-1488

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

5CVSS6.9AI score0.13302EPSS

CVE•added 2006/12/23 11:28 a.m.•44 views

CVE-2006-6719

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

5CVSS6.1AI score0.03081EPSS

CVE•added 1999/09/29 4:0 a.m.•40 views

CVE-1999-0402

wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.

5CVSS6.9AI score0.00462EPSS