exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2016-4971

Status Candidate

Overview

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

Related Files

GNU wget Arbitrary File Upload / Code Execution
Posted Apr 30, 2021
Authored by Dawid Golunski, liewehacksie

GNU wget versions prior to 1.1.8 arbitrary file upload and code execution exploit.

tags | exploit, arbitrary, code execution, file upload
advisories | CVE-2016-4971
SHA-256 | 9eb9c61465681cef828940670f5a66c10bc60e1ed0055a7bd92271cfbcee572f
Red Hat Security Advisory 2016-2587-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2587-02 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client.

tags | advisory, web, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-4971
SHA-256 | 1e8cef7d8f8f658d7a30a5d5c2a015de30669cb1a90b04848980ffde73fbab4a
Gentoo Linux Security Advisory 201610-11
Posted Oct 30, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-11 - Multiple vulnerabilities have been found in Wget, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.18 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-4971
SHA-256 | fe8f321799648fd7117d0c42050293a7b7f3f611b64a3ef20bfd07261e897964
GNU Wget Arbitrary File Upload / Potential Remote Code Execution
Posted Jul 6, 2016
Authored by Dawid Golunski

GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2016-4971
SHA-256 | 3ebf4d81b9c108e57502040e8018d849ca791f68c50a3e363db8ee6554556d53
Ubuntu Security Notice USN-3012-1
Posted Jun 21, 2016
Authored by Ubuntu, Dawid Golunski | Site security.ubuntu.com

Ubuntu Security Notice 3012-1 - Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.

tags | advisory, web, local
systems | linux, ubuntu
advisories | CVE-2016-4971
SHA-256 | ce58c9f63ee02189ccf645ed4f89fd26639c73baac37f0bbea564d04d356fe3d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close