[VIM] #2005-0028 typo
security curmudgeon
jericho at attrition.org
Tue Jun 14 20:26:41 EDT 2005
>From the advisory:
wget:
- Security Fix: wget allows a remote malicious web server to overwrite
certain files via a redirection URL containing a ".." that resolves to
the IP address of the malicious server, which bypasses wget's filtering
for ".." sequences.
- wget does not filter or quote control characters when displaying HTTP
responses to the terminal, which may allow remote malicious web servers
to inject terminal escape sequences and execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1487 and CAN-2004-1487 to these issues.
This lists the same two CAN designations.
More information about the VIM
mailing list