33 matches found
Fedora Core 3 : htdig-3.2.0b6-3.FC3.1 (2005-367)
Tue Apr 19 2005 Phil Knirsch 3:3.2.0b6-3.FC3.1 - Fixed security bug with unescaped output in htsearch and qtest 144127 - Removed .la and .a libs from package 145649 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
Debian DSA-080-1 : htdig - unauthorized gathering of data
Nergal reported a vulnerability in the htsearch program which is distributed as part of the ht://Dig package, an indexing and searching system for small domains or intranets. Using former versions it was able to pass the parameter -c to the cgi program in order to use a different configuration...
CVE-2001-0834
htsearch CGI program in htdig ht://Dig 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to 1 cause a denial of service CPU consumption by specifying a large file such as /dev/zero, or 2 read arbitrary files by uploading...
CVE-2001-0834
htsearch CGI program in htdig ht://Dig 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to 1 cause a denial of service CPU consumption by specifying a large file such as /dev/zero, or 2 read arbitrary files by uploading...
ht://Dig htsearch Multiple Vulnerabilities
The remote CGI htsearch allows the user to supply his own configuration file using the '-c' switch, as in : /cgi-bin/htsearch?-c/some/config/file This file is not displayed by htsearch. However, if an attacker manages to upload a configuration file to the remote server, it may make htsearch read...
Re: Bug found in ht://Dig htsearch CGI
Name: ht://Dig htsearch CGI Versions affected: 3.1.0b2 and more recent, including 3.1.5 and 3.2.0b3 Vulnerability: Potential remote exposure. Denial of Service. Details: The htsearch CGI runs as both the CGI and as a command-line program. The command-line program accepts the -c filename to read i...
CVE-2000-1191
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...
CVE-2000-1191
CVE-2000-1191 affects htsearch in htDig up to 3.2 beta, 3.1.6, 3.1.5 and earlier. The vulnerability arises when a non-existent configuration file is requested via the config parameter, causing an error message that reveals the server’s full path. This exposes potential information about the serve...
CVE-2000-1191
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...
CVE-2000-0208
The CVE-2000-0208 issue affects the htsearch CGI in the htdig/ht://Dig package. Affected component is the htsearch CGI; the root cause is that parameters to htsearch can be crafted with backticks to cause remote reading of arbitrary files, enabling information disclosure. Impact per sources is pa...
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
The 'htsearch' CGI, which is part of the htdig package, allows anyone to read arbitrary files on the target host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10105; scriptversion"1.36"; scriptcveid"CVE-1999-0978...
CVE-2000-0208
The htdig ht://Dig CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks in parameters to htsearch...
[SECURITY] New version of htdig released
Package: htdig Vulnerability type: remote exploit Debian-specific: no The version of htdig that was distribution in Debian GNU/Linux 2.1 aka slink is vulnerable to a remote attack. There was a vulnerability in the htsearch script that allowed remote users to read any file on the webserver that is...