University Of Kansas Lynx vulnerabilities

CVE-2005-2929 [HIGH] CWE-264 CVE-2005-2929: Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary comm Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

CVE-2004-1617 [MEDIUM] CWE-20 CVE-2004-1617: Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service ( Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the rel

CVE-2002-1405 [MEDIUM] CVE-2002-1405: CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

CVE-2000-0209 [HIGH] CVE-2000-0209: Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

CVE-1999-0371 [LOW] CVE-1999-0371: Lynx allows a local user to overwrite sensitive files through /tmp symlinks. Lynx allows a local user to overwrite sensitive files through /tmp symlinks.