Lucene search
K

230 matches found

Debian
Debian
added 2006/12/01 3:36 p.m.37 views

[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation

-------------------------------------------------------------------------- Debian Security Advisory DSA 1205-2 [email protected] http://www.debian.org/security/ Steve Kemp December 1sd, 2006 http://www.debian.org/security/faq -...

7.2CVSS6.1AI score0.00368EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.37 views

Debian DSA-1205-2 : thttpd - insecure temporary files

The original advisory for this issue didn't contain fixed packages for all supported architectures which are corrected in this update. For reference please find below the original advisory text : Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure...

7.2CVSS5.4AI score0.00368EPSS
Exploits0References3
securityvulns
securityvulns
added 2006/11/05 12:0 a.m.43 views

thttpd symbolic links problem

Insecure temporary file creation on logfiles rotation...

0.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/11/05 12:0 a.m.70 views

[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1205-1 [email protected] http://www.debian.org/security/ Steve Kemp November 2rd, 2006 http://www.debian.org/security/faq -...

7.2CVSS0.00368EPSS
Exploits0
Debian
Debian
added 2006/11/03 3:41 p.m.29 views

[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation

-------------------------------------------------------------------------- Debian Security Advisory DSA 1205-1 [email protected] http://www.debian.org/security/ Steve Kemp November 2rd, 2006 http://www.debian.org/security/faq -...

7.2CVSS6.1AI score0.00368EPSS
Exploits0
OSV
OSV
added 2006/11/02 12:0 a.m.26 views

DSA-1205-1 thttpd - insecure temporary files

Bulletin has no description...

7.2CVSS8.3AI score0.00368EPSS
Exploits0
NVD
NVD
added 2006/10/31 7:7 p.m.26 views

CVE-2006-4248

thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the startthttpd temporary file...

7.2CVSS6.2AI score0.00368EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2006/10/31 7:7 p.m.32 views

CVE-2006-4248

thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the startthttpd temporary file...

7.2CVSS6AI score0.00368EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/10/31 7:0 p.m.33 views

CVE-2006-4248

thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the startthttpd temporary file...

6.2AI score0.00368EPSS
Exploits0References4
CVE
CVE
added 2006/10/31 7:0 p.m.101 views

CVE-2006-4248

CVE-2006-4248 affects thttpd (notably in Debian and related distributions) and involves a local symlink attack that allows a local user to create or touch arbitrary files via insecure temporary file usage in start_thttpd during log rotation. The root cause is the use of insecure temporary files, ...

7.2CVSS6.2AI score0.00368EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.27 views

Debian DSA-883-1 : thttpd - insecure temporary file

Javier Fernandez-Sanguino Pena from the Debian Security Audit team discovered that the syslogtocern script from thttpd, a tiny webserver, uses a temporary file insecurely, allowing a local attacker to craft a symlink attack to overwrite arbitrary files. %NASLMINLEVEL 70300 C Tenable Network...

2.1CVSS5.6AI score0.00367EPSS
Exploits0References2
NVD
NVD
added 2006/03/09 12:2 a.m.22 views

CVE-2006-1078

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via 1 a long command line argument and 2 a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the...

8.4CVSS6.9AI score0.00526EPSS
Exploits1References14
Prion
Prion
added 2006/03/09 12:2 a.m.25 views

Design/Logic Flaw

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...

7.2CVSS7.4AI score0.00393EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2006/03/09 12:2 a.m.22 views

CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...

7.2CVSS6.8AI score0.00393EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2006/03/09 12:0 a.m.14 views

CVE-2006-1078

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via 1 a long command line argument and 2 a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the...

7.6AI score0.00526EPSS
Exploits1References14
Cvelist
Cvelist
added 2006/03/09 12:0 a.m.25 views

CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...

6.8AI score0.00393EPSS
Exploits1References8
CVE
CVE
added 2006/03/09 12:0 a.m.78 views

CVE-2006-1079

CVE-2006-1079 concerns the htpasswd utility used by Acme thttpd (notably 2.25b) where local users can escalate privileges through shell metacharacters passed as command-line arguments to system(). Several sourced entries indicate this vulnerability exists in htpasswd and note the issue may be exp...

7.2CVSS6.8AI score0.00393EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2006/03/09 12:0 a.m.110 views

CVE-2006-1078

Concrete details found: CVE-2006-1078 concerns multiple buffer overflows in the htpasswd utility used by Acme thttpd 2.25b. The vulnerabilities allow a local attacker to gain or escalate privileges via (1) a long command-line argument and (2) a long line in a file. The advisory notes htpasswd is ...

8.4CVSS6.9AI score0.00526EPSS
Exploits1References14Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/03/06 12:0 a.m.34 views

Acme thttpd < 2.26 htpasswd Utility Overflow

Binary data 3463.prm...

8.4CVSS7AI score0.00526EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/12/04 10:0 p.m.16 views

CVE-2004-2628

Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains 1 a hex-encoded backslash dot-dot sequence "%5C.." or 2 a drive letter such as "C:"...

6.9AI score0.03623EPSS
Exploits1References7
Rows per page
Query Builder