VDB
CVE-2005-2929
CVE-2005-2929
PUBLISHED
CVSS 7.5 HIGH
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
EPSS 6.00% · 90.9th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
6.00%
90.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| university_of_kansas | lynx | 2.8.5, 2.8.6, 2.8.6_dev13 |
Timeline
- Nov 18, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Apr 13, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 17556 third-party-advisory
- 18376 third-party-advisory
- 17666 third-party-advisory
- 15395 vdb
- ADV-2005-2394 vdb
- 17546 third-party-advisory
- 17576 third-party-advisory
- OpenPKG-SA-2005.026 vendor-advisory
- 17757 third-party-advisory
- oval:org.mitre.oval:def:9712 vdb
- 20051110 Multiple Vendor Lynx Command Injection Vulnerability third-party-advisory
- lynx-lynxcgi-command-execute(23119) vdb
- FLSA:152832 vendor-advisory
- GLSA-200511-09 vendor-advisory
- 18659 third-party-advisory
- RHSA-2005:839 vendor-advisory
- 173 third-party-advisory
- 18051 third-party-advisory
- 17512 third-party-advisory
- SCOSA-2006.7 vendor-advisory
…and 6 more