15 matches found
HTTP::Daemon Security Vulnerability
HTTP::Daemon is a simple HTTP class developed under the open-source license of libwww-perl. Versions of HTTP::Daemon prior to version 6.17 contained security vulnerabilities. These vulnerabilities stemmed from the use of Perl’s 2-arg open method to open string parameters, which could lead to ...
CVE-2026-8259
CVE-2026-8259 affects Tenda AC6 firmware version 2.0/15.03.06.23, where an unknown function in the HTTPD component’s /goform/telnet endpoint mishandles the lan.ip parameter, leading to an OS command injection. This allows remote exploitation with high impact on confidentiality, integrity, and ava...
CVE-2021-4030
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts...
A vulnerability in the formSetAutoPing() function in the httpd daemon of the firmware of Tenda i6 wireless access points allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the formSetAutoPing function in the httpd daemon of the firmware of Tenda i6 wireless access points is caused by an operation that goes beyond the bounds of a memory buffer when processing the ping1 parameter. Exploiting this vulnerability can allow an attacker to compromise...
A vulnerability in the httpd next_page function in the firmware of Yifan YF325 industrial Wi-Fi routers allows an attacker to execute arbitrary commands.
The vulnerability in the httpd nextpage function in the firmware of Yifan YF325 industrial Wi-Fi routers is caused by reading data outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Low: perl-HTTP-Daemon
Issue Overview: HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based...
Ubuntu 16.04 ESM : HTTP-Daemon vulnerability (USN-5520-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5520-2 advisory. USN-5520-1 fixed a vulnerability in HTTP-Daemon. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted th...
CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...
PT-2022-4815 · Nginx +8
Name of the Vulnerable Software and Affected Versions: HTTP::Daemon versions prior to 6.15 Description: The issue is related to inconsistent interpretation of HTTP requests when handling Content-Length values, potentially allowing a remote attacker to gain privileged access to APIs or poison...
A vulnerability in the httpd daemon in the firmware of TP-Link’s TL-WR940N router allows an attacker to execute arbitrary code.
The vulnerability in the httpd daemon in the firmware of the TP-Link TL-WR940N router is caused by copying buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code...
Juplink Intelligent Technologies RX4-1500 Unauthorized Operation Vulnerability
The Juplink Intelligent Technologies RX4-1500 is a wireless router from Juplink Intelligent Technologies. A security vulnerability exists in httpd in the Juplink Intelligent Technologies RX4-1500 versions v1.0.3 through v1.0.5. A remote attacker could use this vulnerability to modify or access...
CVE-2018-8929
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload...
D-Link DWR-932B Backdoors / Default WPS PIN
Advisory Information Title: Multiple vulnerabilities found in the Dlink DWR-932B backdoor, backdoor accounts, weak WPS, RCE ... Advisory URL: https://pierrekim.github.io/advisories/2016-dlink-0x00.txt Blog URL:...
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. (C) Tenable Network Security, Inc. Ref: Date: Tue, 23 Dec 2003 20:27:51 +0800 From: DrPonidi Haryanto Subject:...
[UNIX] Monkey HTTP Daemon Remote Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com