← Back

Nzbget

nzbget

Vendor: Nzbget • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-49102
1Nzbget
1Nzbget
Nov 21, 2024
Nov 22, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value...Show more
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2008-2266
2Nzbget
Uudeview
2Nzbget
Uudeview
Apr 23, 2026
May 16, 2008
N/A· v4
N/A· v3
4.4 MEDIUM· v2
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam functi...Show more
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.Show less