Acme thttpd Version Detection

Binary data 5555.prm...

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

Design/Logic Flaw

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

PT-2010-1349 · Thttpd · Thttpd

Name of the Vulnerable Software and Affected Versions: thttpd version 2.25b0 Description: The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This is due to thttpd writing...

CVE-2009-4491

thttpd 2.25b0 logs data without sanitizing non‑printable characters, potentially allowing a remote attacker to modify a window title or execute commands/overwrite files via an HTTP request with a terminal-escape sequence. Root cause is unfiltered log output. No specific patch/version fix is detai...

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects thttpd 2.25b and minihttpd 1.19; other versions m...

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Acme SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.100447";...

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...

thttpd 2.24 - HTTP Request Escape Sequence Terminal Command Injection

thttpd 2.24 - HTTP Request Escape Sequence Terminal Command Injection source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit...

mini_httpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection

minihttpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploi...

Nginx, Varnish, Cherokee, etc Log Injection

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...

thttpd 2.24 - HTTP Request Escape Sequence Terminal Command Injection

source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue...

mini_httpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection

source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue...

Gentoo Security Advisory GLSA 200701-28 (thttpd)

The remote host is missing updates announced in advisory GLSA 200701-28. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200701-28 (thttpd)

The remote host is missing updates announced in advisory GLSA 200701-28. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bypass Vulnerabilities AXESSTEL

Bboyhacks bboyhacksatgmail.com AXESS.TEL CDMA 1xEV-DO FIXED WIRELESS MODEN AXW-D800 S/W Version:D2ETH10901VEBR Jun-14-2006 Default LAN IP: 192.168.0.1 http thttpd 2.25b Security Bypass Vulnerabilities basic setup http://192.168.0.1/etc/config/System.html Network...

Debian Security Advisory DSA 396-1 (thttpd)

The remote host is missing an update to thttpd announced via advisory DSA 396-1. OpenVAS Vulnerability Test $Id: deb3961.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 396-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...