wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
Max CVSS
5.0
EPSS Score
0.20%
Published
2005-04-27
Updated
2018-10-03
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
Max CVSS
5.0
EPSS Score
1.94%
Published
2005-04-27
Updated
2018-10-03
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
Max CVSS
2.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2018-10-03
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!