Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
CVSS Score
5.0
EPSS Score
0.119
Published
2005-04-27
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS Score
2.1
EPSS Score
0.004
Published
2005-02-09
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVSS Score
2.1
EPSS Score
0.004
Published
2005-02-09
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS Score
2.1
EPSS Score
0.004
Published
2005-02-09
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
CVSS Score
2.1
EPSS Score
0.004
Published
2005-02-09
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
CVSS Score
7.5
EPSS Score
0.044
Published
2005-02-07
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
CVSS Score
4.6
EPSS Score
0.012
Published
2005-01-21
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
CVSS Score
7.5
EPSS Score
0.045
Published
2005-01-21
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVSS Score
10.0
EPSS Score
0.16
Published
2005-01-10
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
CVSS Score
4.3
EPSS Score
0.018
Published
2005-01-10


Contact Us

Shodan ® - All rights reserved