IDCVSSSummaryLast (major) updatePublished
CVE-2010-2251 7.5
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Conte
10-10-2018 - 19:59 06-07-2010 - 17:17
CVE-2007-2348 6.8
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundarie
11-10-2017 - 01:32 27-04-2007 - 18:19
Back to Top Mark selected
Back to Top