Max CVSS | 7.5 | Min CVSS | 6.8 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-2348 | 6.8 |
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries
|
13-02-2023 - 02:17 | 27-04-2007 - 18:19 | |
CVE-2010-2251 | 7.5 |
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Conte
|
10-10-2018 - 19:59 | 06-07-2010 - 17:17 |