Lucene search
K

230 matches found

FreeBSD Advisory
FreeBSD Advisory
added 2000/11/20 12:0 a.m.5 views

FreeBSD-SA-00:73.thttpd

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:73 Security Advisory FreeBSD, Inc. Topic: thttpd allows remote reading of local files Category: ports Module: thttpd Announced: 2000-11-20 Credits: [email protected]...

6AI score
Exploits0
securityvulns
securityvulns
added 2000/10/06 12:0 a.m.44 views

thttpd ssi: retrieval of arbitrary world-readable files

thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi [email protected] Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/10/06 12:0 a.m.47 views

Дырка в thttpd (ssi CGI file retrieval)

Исполользуя абсолютный путь в Cgi-скрипте ssi можно получить доступ к любому открытому файлу в системе...

0.2AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2000/10/05 12:0 a.m.40 views

thttpd-219.txt

thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description The included cgi-bin...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2000/10/03 12:0 a.m.37 views

thttpd ssi Servlet Encoded Traversal Arbitrary File Access

The version of thttpd running on the remote host comes with a CGI script, 'ssi', that fails to completely sanitize its PATHTRANSLATED argument of encoded directory sequences. An unauthenticated, remote attacker can use this issue to read arbitrary files on the remote host, subject to the privileg...

7.5CVSS5.8AI score0.02022EPSS
Exploits1References2
CVE
CVE
added 2000/07/12 4:0 a.m.65 views

CVE-2000-0359

thttpd (Trivial HTTP) prior to version 2.05 is affected by a remote buffer overflow triggered by a long If-Modified-Since header. The CVE-2000-0359 entry indicates an overflow that can allow remote code execution or denial of service. Public details in connected documents specify the vulnerable c...

10CVSS7.8AI score0.05434EPSS
Exploits0References3Affected Software1
NVD
NVD
added 1999/12/31 5:0 a.m.12 views

CVE-1999-1456

thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / slash character in the filename...

5CVSS6.7AI score0.01711EPSS
Exploits1References3
NVD
NVD
added 1999/11/16 5:0 a.m.16 views

CVE-1999-1457

Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdateparse function...

7.5CVSS7.8AI score0.01791EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 1999/11/14 12:0 a.m.63 views

thttpd 2.04 If-Modified-Since Header Remote Buffer Overflow

It is possible to make the remote thttpd server execute arbitrary code by sending a request like : GET / HTTP/1.0 If-Modified-Since: AAA...AAAA An attacker may use this to gain control on your computer. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10285; scriptversi...

10CVSS5.7AI score0.05434EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 1999/06/22 12:0 a.m.53 views

thttpd Double Slash Request Arbitrary File Access

The remote HTTP server allows an attacker to read arbitrary files on the remote host with the privileges of the web server, simply by adding a slash in front of its name. For instance, 'GET //etc/passwd' will return the contents of the remote file '/etc/passwd'. C Tenable Network Security, Inc...

5CVSS5.7AI score0.01711EPSS
Exploits1References1
Rows per page
Query Builder