Lucene search

Htdig Security Vulnerabilities

cve

CVE-2000-0208

The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.

6.7AI Score

0.141EPSS

2000-04-10 04:00 AM

cve

CVE-2001-0834

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by upl...

6.6AI Score

0.016EPSS

2002-03-09 05:00 AM

cve

CVE-2002-2010

Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

5.7AI Score

0.002EPSS

2022-10-03 04:23 PM

cve

CVE-2005-0085

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

5.7AI Score

0.023EPSS

2005-04-27 04:00 AM

cve

CVE-2007-6110

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

5.3AI Score

0.008EPSS

2007-11-23 08:46 PM