Vulnerabilities > GNU > Wget > 1.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-07-06 | CVE-2010-2252 | Improper Input Validation vulnerability in GNU Wget GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | 6.8 |
| 2009-09-30 | CVE-2009-3490 | Cryptographic Issues vulnerability in GNU Wget GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
| 2006-12-23 | CVE-2006-6719 | Remote Denial of Service vulnerability in GNU Wget FTP_Syst Function The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | 5.0 |
| 2004-12-31 | CVE-2004-2014 | Unspecified vulnerability in GNU Wget Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. | 2.6 |
| 2002-12-18 | CVE-2002-1344 | Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. | 5.0 |