Lucene search
K

33 matches found

Tenable Nessus
Tenable Nessus
added 2005/09/12 12:0 a.m.26 views

Fedora Core 3 : htdig-3.2.0b6-3.FC3.1 (2005-367)

Tue Apr 19 2005 Phil Knirsch 3:3.2.0b6-3.FC3.1 - Fixed security bug with unescaped output in htsearch and qtest 144127 - Removed .la and .a libs from package 145649 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.26 views

Debian DSA-080-1 : htdig - unauthorized gathering of data

Nergal reported a vulnerability in the htsearch program which is distributed as part of the ht://Dig package, an indexing and searching system for small domains or intranets. Using former versions it was able to pass the parameter -c to the cgi program in order to use a different configuration...

6.4CVSS5.5AI score0.02635EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.23 views

CVE-2001-0834

htsearch CGI program in htdig ht://Dig 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to 1 cause a denial of service CPU consumption by specifying a large file such as /dev/zero, or 2 read arbitrary files by uploading...

6.6AI score0.02635EPSS
Exploits0References11
NVD
NVD
added 2001/12/06 5:0 a.m.25 views

CVE-2001-0834

htsearch CGI program in htdig ht://Dig 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to 1 cause a denial of service CPU consumption by specifying a large file such as /dev/zero, or 2 read arbitrary files by uploading...

6.4CVSS6.7AI score0.02635EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2001/10/17 12:0 a.m.43 views

ht://Dig htsearch Multiple Vulnerabilities

The remote CGI htsearch allows the user to supply his own configuration file using the '-c' switch, as in : /cgi-bin/htsearch?-c/some/config/file This file is not displayed by htsearch. However, if an attacker manages to upload a configuration file to the remote server, it may make htsearch read...

6.4CVSS5.8AI score0.02635EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/10/09 12:0 a.m.61 views

Re: Bug found in ht://Dig htsearch CGI

Name: ht://Dig htsearch CGI Versions affected: 3.1.0b2 and more recent, including 3.1.5 and 3.2.0b3 Vulnerability: Potential remote exposure. Denial of Service. Details: The htsearch CGI runs as both the CGI and as a command-line program. The command-line program accepts the -c filename to read i...

1.1AI score
Exploits0
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.27 views

CVE-2000-1191

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

6.4AI score0.03046EPSS
Exploits0References4
CVE
CVE
added 2001/09/12 4:0 a.m.62 views

CVE-2000-1191

CVE-2000-1191 affects htsearch in htDig up to 3.2 beta, 3.1.6, 3.1.5 and earlier. The vulnerability arises when a non-existent configuration file is requested via the config parameter, causing an error message that reveals the server’s full path. This exposes potential information about the serve...

5CVSS6.4AI score0.03046EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2001/08/31 4:0 a.m.19 views

CVE-2000-1191

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

5CVSS6.4AI score0.03046EPSS
Exploits0References4
CVE
CVE
added 2000/04/10 4:0 a.m.84 views

CVE-2000-0208

The CVE-2000-0208 issue affects the htsearch CGI in the htdig/ht://Dig package. Affected component is the htsearch CGI; the root cause is that parameters to htsearch can be crafted with backticks to cause remote reading of arbitrary files, enabling information disclosure. Impact per sources is pa...

5CVSS6.7AI score0.05836EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2000/03/03 12:0 a.m.111 views

ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities

The 'htsearch' CGI, which is part of the htdig package, allows anyone to read arbitrary files on the target host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10105; scriptversion"1.36"; scriptcveid"CVE-1999-0978...

7.5CVSS5.7AI score0.05836EPSS
Exploits0References3
NVD
NVD
added 2000/02/29 5:0 a.m.23 views

CVE-2000-0208

The htdig ht://Dig CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks in parameters to htsearch...

5CVSS6.7AI score0.05836EPSS
Exploits0References1
Debian
Debian
added 2000/02/27 2:17 a.m.2 views

[SECURITY] New version of htdig released

Package: htdig Vulnerability type: remote exploit Debian-specific: no The version of htdig that was distribution in Debian GNU/Linux 2.1 aka slink is vulnerable to a remote attack. There was a vulnerability in the htsearch script that allowed remote users to read any file on the webserver that is...

5.9AI score
Exploits0
Rows per page
Query Builder