CVE

CVE-2005-2929
Date: (C)2005-11-18   (M)2023-12-22


Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015195
BID-15395
SREASON-173
SECUNIA-17372
SECUNIA-17512
SECUNIA-17546
SECUNIA-17556
SECUNIA-17576
SECUNIA-17666
SECUNIA-17757
SECUNIA-18051
SECUNIA-18376
SECUNIA-18659
http://www.idefense.com/application/poi/display?id=338&type=vulnerabilities
ADV-2005-2394
FLSA:152832
GLSA-200511-09
MDKSA-2005:211
OpenPKG-SA-2005.026
RHSA-2005:839
SCOSA-2005.55
SCOSA-2006.7
http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm
lynx-lynxcgi-command-execute(23119)
oval:org.mitre.oval:def:9712

CWE:
CWE-264

© SecPod Technologies