Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2007-2348
Description:mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Test IDs: 1.3.6.1.4.1.25623.1.0.64806   1.3.6.1.4.1.25623.1.0.64930   1.3.6.1.4.1.25623.1.0.122451   1.3.6.1.4.1.25623.1.0.880878  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-2348
BugTraq ID: 23736
http://www.securityfocus.com/bid/23736
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806
RedHat Security Advisories: RHSA-2009:1278
http://rhn.redhat.com/errata/RHSA-2009-1278.html
http://secunia.com/advisories/25107
http://secunia.com/advisories/25132
http://secunia.com/advisories/36559
http://www.vupen.com/english/advisories/2007/1590




© 1998-2021 E-Soft Inc. All rights reserved.