http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2253
wp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. Ian McWilliam
www-p5-libwww.diff
Description: Binary data
