Vulnerabilities > GNU > Wget > 1.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-07-06 | CVE-2010-2252 | Improper Input Validation vulnerability in GNU Wget GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | 6.8 |
| 2009-09-30 | CVE-2009-3490 | Cryptographic Issues vulnerability in GNU Wget GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
| 2006-12-23 | CVE-2006-6719 | Remote Denial of Service vulnerability in GNU Wget FTP_Syst Function The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | 5.0 |