12 matches found
OESA-2025-2167 lighttpd security update
Secure, fast, compliant and very flexible web server which has been optimized for high-performance environments. It has a very low memory footprint compared to other web servers and takes care of CPU load. Its advanced feature set includes FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...
CVE-2025-34125 D-Link DSP-W110A1 Cookie Command Injection
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the...
PT-2025-29887 · D Link +2 · D-Link Dsp-W110A1 +2
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W110A1 version 1.05B01 Description: An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server. This occurs when specially crafted cookie values are processed, allowing remot...
CVE-2023-51613
D-Link DIR-X3260 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
CVE-2023-44427
D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
PT-2023-8303 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The flaw exists within the prog.cgi binary, which...
Default configuration
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...
CVE-2019-5149
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...
CVE-2013-3619
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMTX9317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear S...
Lighttpd Web Server Denial Of Service (CVE-2019-11072)
A denial-of-service vulnerability exists in the Lighttpd server. This vulnerability is due to improper handling of the URL when url-path-2f-decode is enabled. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful...
D-Link Devices - Cookie Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Cookie Command Execution', 'Description' = %q This module exploits an anonymous remote upload and code execution vulnerabilit...
D-Link Cookie Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Cookie Command Execution', 'Description' = %q This module exploits an anonymous remote upload and code execution vulnerabilit...