4 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. La implementación htpasswd de mini_httpd, en versiones anteriores a la v1.28 y de thttpd, en versiones anteriores a la v2.28, se ha visto afectada por un desbordamiento de búfer que podría ser explotado de forma remota para ejecutar código. • http://acme.com/updates/archive/199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files. thttpd anterior a 2.25b-r6 en Gentoo Linux es iniciado desde el directorio raíz del sistema (/) por el paquete de distribución base 1.12.6 de Gentoo, lo cual permite a atacantes remotos leer archivos de su elección. • http://bugs.gentoo.org/show_bug.cgi?id=142047 http://osvdb.org/31965 http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html http://seclists.org/fulldisclosure/2023/Nov/13 http://secunia.com/advisories/24018 http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml http://www.securityfocus.com/bid/22349 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. • http://secunia.com/advisories/17454 http://secunia.com/advisories/17472 http://www.debian.org/security/2005/dsa-883 http://www.securityfocus.com/bid/15320 http://www.vupen.com/english/advisories/2005/2308 •

CVSS: 9.8EPSS: 19%CPEs: 3EXPL: 4

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences. Desbordamiento de búfer en la función defang en libhttpd.c de thttpd 2.21 a 2.23b1, permite a atacantes remotos ejecutar código de su elección mediante peticiones que contienen caracteres '<' ó '>' que provocan el desbordamiento cuando son expandidos a las secuencias "<" y ">". • https://www.exploit-db.com/exploits/23305 https://www.exploit-db.com/exploits/23306 http://marc.info/?l=bugtraq&m=106729188224252&w=2 http://secunia.com/advisories/10092 http://www.osvdb.org/2729 http://www.securityfocus.com/bid/8906 http://www.texonet.com/advisories/TEXONET-20030908.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 https://www.debian.org/security/2003/dsa-396 • CWE-131: Incorrect Calculation of Buffer Size •