Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.46 views

lighttpd < 1.4.35 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.35. It is, therefore, affected by the following vulnerabilities : - A SQL injection flaw exists in the 'modmysqlvhost' module where user input passed using the hostname is not properly sanitized. A remote...

9.8CVSS10AI score0.61665EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.30 views

Oracle Solaris Third-Party Patch Update : lighttpd (multiple_vulnerabilities_in_lighttpd)

The remote Solaris system is missing necessary patches to address security updates : - SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname. CVE-2014-2323 - Multiple...

9.8CVSS8.2AI score0.61665EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2014/10/12 12:0 a.m.39 views

Amazon Linux AMI : lighttpd (ALAS-2014-346)

Multiple directory traversal vulnerabilities in 1 modevhost and 2 modsimplevhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. dot dot in the host name, related to requestcheckhostname. SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35...

9.8CVSS8.3AI score0.61665EPSS
Exploits4References3
OpenVAS
OpenVAS
added 2014/04/10 12:0 a.m.39 views

SuSE Update for lighttpd openSUSE-SU-2014:0496-1 (lighttpd)

Check for the Version of lighttpd OpenVAS Vulnerability Test $Id: gbsuse201404961.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for lighttpd openSUSE-SU-2014:0496-1 lighttpd Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This...

7.5CVSS9.6AI score0.61665EPSS
Exploits4References1
OpenVAS
OpenVAS
added 2014/04/03 12:0 a.m.33 views

Fedora Update for lighttpd FEDORA-2014-3947

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.61665EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2014/04/03 12:0 a.m.29 views

Fedora Update for lighttpd FEDORA-2014-3887

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.61665EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2014/03/26 12:0 a.m.45 views

Fedora 20 : lighttpd-1.4.35-1.fc20 (2014-3887)

1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324 1 http://seclists.org/oss-sec/2014/q1/561 2 http://download.lighttpd.net/lighttpd/security/lighttpdsa201401.txt 3 http://www.lighttpd.net/2014/3/12/1.4.35/ Note that Tenable Network Security has extracted the preceding description block...

9.8CVSS7.5AI score0.61665EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2014/03/26 12:0 a.m.43 views

Fedora 19 : lighttpd-1.4.35-1.fc19 (2014-3947)

1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324 1 http://seclists.org/oss-sec/2014/q1/561 2 http://download.lighttpd.net/lighttpd/security/lighttpdsa201401.txt 3 http://www.lighttpd.net/2014/3/12/1.4.35/ Note that Tenable Network Security has extracted the preceding description block...

9.8CVSS7.5AI score0.61665EPSS
Exploits4References8
securityvulns
securityvulns
added 2014/03/24 12:0 a.m.105 views

[SECURITY] [DSA 2877-1] lighttpd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...

7.5CVSS2.5AI score0.61665EPSS
Exploits4
Mageia
Mageia
added 2014/03/19 5:28 p.m.49 views

Updated lighttpd package fixes security vulnerabilities

SQL injection vulnerability in lighttpd before 1.4.35 when modmysqlvhost is in use, due to insufficient validation of hostnames in HTTP requests CVE-2014-2323. Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either modevhost or modsimplevhost are in use, due to insufficient...

9.8CVSS10.1AI score0.61665EPSS
Exploits4References3
NVD
NVD
added 2014/03/14 3:55 p.m.23 views

CVE-2014-2324

Multiple directory traversal vulnerabilities in 1 modevhost and 2 modsimplevhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. dot dot in the host name, related to requestcheckhostname...

5CVSS9.5AI score0.28814EPSS
Exploits2References13
CVE
CVE
added 2014/03/14 3:0 p.m.369 views

CVE-2014-2324

CVE-2014-2323 and CVE-2014-2324 affect lighttpd prior to 1.4.35. The issues include: (1) SQL injection in mod_mysql_vhost.c via the host name (CVE-2014-2323); and (2) directory traversal via host-name input in mod_evhost and mod_simple_vhost (CVE-2014-2324). These allow remote attackers to manipu...

5CVSS9.2AI score0.28814EPSS
Exploits2References13Affected Software1
Debian
Debian
added 2014/03/13 4:28 a.m.36 views

[SECURITY] [DSA 2877-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...

7.5CVSS2.9AI score0.61665EPSS
Exploits4
Debian
Debian
added 2014/03/13 4:28 a.m.41 views

[SECURITY] [DSA 2877-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...

9.8CVSS10AI score0.61665EPSS
Exploits4
OpenVAS
OpenVAS
added 2014/03/11 12:0 a.m.21 views

Debian: Security Advisory (DSA-2877-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.61665EPSS
Exploits4References3
Rows per page
Query Builder