ACME mini_httpd <1.30 - Local File Inclusion

ACME minihttpd before 1.30 is vulnerable to local file inclusion. id: CVE-2018-18778 info: name: ACME minihttpd 1.30 - Local File Inclusion author: DhiyaneshDK,dogasantos severity: medium description: ACME minihttpd before 1.30 is vulnerable to local file inclusion. impact: | Successful...

CVE-2018-18778

ACME minihttpd before 1.30 lets remote users read arbitrary files...

CVE-2020-17409

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists...

EUVD-2009-4457

Malware in sbrugna...

EUVD-2020-20360

Malware in sbrugna...

EUVD-2001-0876

Malware in sbrugna...

EUVD-2015-1682

Malware in sbrugna...

EUVD-2017-8821

Malware in sbrugna...

EUVD-2020-20365

Malware in sbrugna...

EUVD-2020-9362

Malware in sbrugna...

EUVD-2023-34146

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2009-4490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

CVE-2023-2682

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...

CVE-2020-27866

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

CVE-2020-27872

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.621.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd service, which listens on TCP port 80 by...

Ubuntu 16.04 ESM / 18.04 ESM : mini_httpd vulnerability (USN-4848-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4848-1 advisory. It was discovered that ACME minihttpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to...

CVE-2023-2682

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...

Command injection

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...

CVE-2023-2682

The CVE-2023-2682 issue affects Caton Live (Mini_HTTPD) and centers on command injection via the /cgi-bin/ping.cgi endpoint. The root cause is manipulation of the address parameter with the input ;id;uname${IFS}-a, enabling remote code execution. Public details indicate the vulnerability is prese...

CVE-2023-2682 Caton Live Mini_HTTPD ping.cgi command injection

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...