8 matches found
CVE-2008-1270
moduserdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the nobody directory...
openSUSE 10 Security Update : lighttpd (lighttpd-5107)
Remote attackers were able to crash lighttpd by opening a large number of connections CVE-2008-0983. - A bug in modcgi allowed remote attackers to read cgi source files CVE-2008-1111. - A bug in moduserdir allowed remote attackers to read arbitrary files CVE-2008-1270. %NASLMINLEVEL 70300 C...
[SECURITY] [DSA 1521-1] New lighttpd packages fix arbitrary file disclosure
------------------------------------------------------------------------ Debian Security Advisory DSA-1521-1 [email protected] http://www.debian.org/security/ Steve Kemp March 16, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
CVE-2008-1270
moduserdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the nobody directory...
CVE-2008-1270
moduserdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the nobody directory...
CVE-2008-1270
moduserdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the nobody directory...
CVE-2008-1270
lighttpd
CVE-2008-1270
moduserdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the nobody directory...