wget prior to 1.16 (SECURITY ALERT!) 10-29-2014

2 months ago

wget prior to 1.16 allows for a web server to write arbitrary files on the client side.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-fr ... /pull/4088

the disclosure is here:

https://community.rapid7.com/community/ ... tem-access

Redhat's bug is here:



You are not logged in. Login or register to reply on this thread.