123 matches found
mini_httpd: Arbitrary code execution
Background minihttpd is a small webserver with optional SSL and IPv6 support. Description minihttpd does not properly check for shell escapes when parsing HTTP requests. Impact A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the...
CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
Design/Logic Flaw
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
DEBIAN-CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4490
CVE-2009-4490 affects mini_httpd 1.19. The flaw: logging non-printable characters without sanitization may let a remote attacker craft an HTTP request with an escape sequence to modify a window title and potentially execute arbitrary code or overwrite files. The Gentoo advisory GLSA 201206-27 des...
Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects thttpd 2.25b and minihttpd 1.19; other versions m...
Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
Acme SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.100447";...
mini_httpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection
source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue...
thttpd 2.24 - HTTP Request Escape Sequence Terminal Command Injection
source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue...
mini_httpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection
minihttpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploi...
thttpd 2.24 - HTTP Request Escape Sequence Terminal Command Injection
thttpd 2.24 - HTTP Request Escape Sequence Terminal Command Injection source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit...
Thecus NAS Device Detection
According to its web server, the remote host is a Thecus NAS Network- Attached Storage device, which provides file-based data storage to hosts across a network. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid35820; scriptversion"1.12"; scriptnameenglish:"Thecus NAS...
THTTPD/Mini_HTTPD < 1.16 File Disclosure
Binary data 2122.prm...
thttpd/mini_httpd < 2.24 Virtual Hosting File Disclosure
Binary data 2125.prm...
CVE-2001-0893
Acme minihttpd before 1.16 allows remote attackers to view sensitive files under the document root such as .htpasswd via a GET request with a trailing /...
CVE-2001-0893
Acme mini_httpd before 1.16 is affected. A remote attacker can view sensitive files under the document root (e.g., .htpasswd) by issuing a GET request with a trailing /. Root cause is not more detailed in the provided documents. The impact is exposure of confidential data on the server; exploitat...