GNU wget versions prior to 1.1.8 arbitrary file upload and code execution exploit.
9eb9c61465681cef828940670f5a66c10bc60e1ed0055a7bd92271cfbcee572fRed Hat Security Advisory 2016-2587-02 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client.
1e8cef7d8f8f658d7a30a5d5c2a015de30669cb1a90b04848980ffde73fbab4aGentoo Linux Security Advisory 201610-11 - Multiple vulnerabilities have been found in Wget, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.18 are affected.
fe8f321799648fd7117d0c42050293a7b7f3f611b64a3ef20bfd07261e897964GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.
3ebf4d81b9c108e57502040e8018d849ca791f68c50a3e363db8ee6554556d53Ubuntu Security Notice 3012-1 - Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.
ce58c9f63ee02189ccf645ed4f89fd26639c73baac37f0bbea564d04d356fe3d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed