lftp versions 4.0.5 and below, wget versions 1.12 and below and libwww-perl versions 5.034 and below all suffer from an unexpected download filename vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89645/oCERT-2010-001.txt
Source: https://packetstormsecurity.com/files/89645/Open-Source-CERT-Security-Advisory-2010.1.html