| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 56411 | 2009-07-21 | GNU wget DNS Rebinding Information Disclosure Weakness | Unknown / Incomplete |
| 16902 | 2004-05-16 | GNU wget Download File Name Symlink Arbitrary File Overwrite | (Description Provided by CVE) : Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. |
| 32755 | 2006-12-18 | GNU wget ftp-basic.c ftp_syst Function SYST Command Remote DoS | (Description Provided by CVE) : The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. |
| 12638 | 2004-12-09 | GNU wget HTTP Redirection File Overwrite | (Description Provided by CVE) : wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. |
| 20011 | 2005-10-13 | GNU wget NTLM Username ntlm_output() Function Overflow | A remote overflow exists in wget. The 'ntlm_output()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP redirect request containing an overly long NTLM username, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 11426 | 1999-02-20 | GNU wget symlink Target Permission Modification | (Description Provided by CVE) : wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. |
| 12640 | 2004-12-09 | GNU wget Terminal Window Overwrite | Unknown / Incomplete |
| 66109 | 2010-05-17 | GNU wget URL 3xx Redirect Server Provided Filename Arbitrary File Overwrite | When requesting a document that returns a 3xx redirection code, wget uses the new name of the file, allowing a malicious server to create or overwrite an arbitrary file in the current folder. |
| 8866 | 2002-12-12 | GNU wget url_filename() Function Overflow DoS | (Description Provided by CVE) : Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL. |
| 5603 | 2004-04-20 | GNU wget Username/Password Disclosure | wget contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user supplies a username and login via the command line, which will disclose that information to other users via process listings (ps) resulting in a loss of confidentiality. |
| 57632 | 2009-08-05 | GNU wget X.509 Certificate Authority (CA) Common Name Null Byte Handling SSL MiTM Weakness | (Description Provided by CVE) : GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| 45339 | 2008-05-18 | GNU/Gallery admin.php show Parameter Traversal Arbitrary File Access | (Description Provided by CVE) : Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. |
| 9731 | 2004-09-06 | gnubiff POP3 uidl Saturation DoS | gnubiff contains a flaw that may allow a remote denial of service. The issue is triggered when processing UIDL lists, which may allow a remote attacker to crash the process with excessive UIDL requests, and will result in loss of availability for the service. |
| 9730 | 2004-09-06 | gnubiff POP3 Unspecified Remote Overflow | gnubiff contains a flaw related to the 'pop3.c' file that may allow a remote attacker to cause a buffer overflow. No further details have been provided. |
| 7250 | 2004-06-22 | gnubiff Unspecified Password Table Weakness | gnubiff contains a flaw related to the tables used for password encryption that may allow an attacker to gain access to passwords. No further details have been provided. |
| 12777 | 2004-11-30 | gnubiff Unterminated Line DoS | Unknown / Incomplete |
| 76614 | 2011-10-17 | GNUBoard bbs/tb.php URI SQL Injection | GNUBoard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the bbs/tb.php script not properly sanitizing user-supplied input passed via the URL. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 51414 | 2009-01-15 | GNUBoard common.php g4_path Parameter Traversal Local File Inclusion | (Description Provided by CVE) : Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname. |
| 12710 | 2005-01-03 | GNUBoard gbupdate.php Arbitrary File Upload | GNUBoard contains a flaw that may allow a malicious user to upload arbitrary files. The issue is triggered when a filename is submitted to gbupdate.php with an extension with capital letters. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 12389 | 2004-12-14 | GNUBoard index.php doc Parameter Arbitrary Command Execution | (Description Provided by CVE) : PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code. |
| 69298 | 2010-10-20 | GnuCash gnc-test-env LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation | GnuCash contains a path subversion flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the 'src/gnc-test-env' script incorrectly sets the environment variable 'LD_LIBRARY_PATH', allowing a context-dependent attacker to gain elevated privileges by tricking a user into running the script in a directory containing a malicious library. |
| 33224 | 2007-01-18 | GnuCash Multiple trace File Symlink Arbitrary File Overwrite | (Description Provided by CVE) : gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files. |
| 75225 | 2011-09-07 | GnuCash Perl.exe Path Subversion Executable File Injection Code Execution | GnuCash is prone to a flaw in the way it loads the perl.exe executable file. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .gnucash file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 56675 | 2009-08-01 | GnuDIP cgi-bin/gnudip.cgi username Parameter SQL Injection | GnuDIP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'cgi-bin/gnudip.cgi' script not properly sanitizing user-supplied input to the 'username' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 38250 | 2007-05-08 | gnuedu scripts/check-lom.php ETCDIR Parameter Remote File Inclusion | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. |
| 38248 | 2007-05-08 | gnuedu scripts/libs/lom.php ETCDIR Parameter Remote File Inclusion | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. |
| 38249 | 2007-05-08 | gnuedu scripts/lom_update.php ETCDIR Parameter Remote File Inclusion | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. |
| 38251 | 2007-05-08 | gnuedu scripts/weigh_keywords.php ETCDIR Parameter Remote File Inclusion | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. |
| 38253 | 2007-05-08 | gnuedu web/help.php LIBSDIR Parameter Remote File Inclusion | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. |
| 38254 | 2007-05-08 | gnuedu web/index.php LIBSDIR Parameter Remote File Inclusion | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. |