| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:9750 | V | wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | 2013-04-29 |
| oval:org.mitre.oval:def:9830 | V | Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. | 2013-04-29 |
| oval:org.mitre.oval:def:11682 | V | wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | 2013-04-29 |