CVE-2006-1079
https://notcve.org/view.php?id=CVE-2006-1079
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. htpasswd, como se utiliza en Acme thttpd 2.25b y posiblemente otros productos tales como Apache, podrían permitir a usuarios locales obtener privilegios a través de metacaracteres de shell en un argumento de línea de comando, lo que se utiliza en una llamada a la función del sistema. NOTA: debido a que htpasswd normalmente es instalado como un programa no setuid y la explotación es a través de las opciones de línea de comando, quizás esta cuestión debería no incluirse en la CVE. Sin embargo, si hay algunas configuraciones típicas o recomendadas que utilizan htpasswd con privilegios de sudo o productos comunes que acceden remotamente a a htpasswd, entonces tal vez debería ser incluido. • http://marc.info/?l=thttpd&m=114153031201867&w=2 http://marc.info/?l=thttpd&m=114154083000296&w=2 http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html http://seclists.org/fulldisclosure/2023/Nov/13 http://www.osvdb.org/23828 http://www.securityfocus.com/archive/1/426823/100/0/threaded http://www.securityfocus.com/bid/16972 https://exchange.xforce.ibmcloud.com/vulnerabilities/25217 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-1078
https://notcve.org/view.php?id=CVE-2006-1078
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. Múltiples desbordamientos de búfer en htpasswd, como se utiliza en Acme thttpd 2.25b y posiblemente otros productos tales como Apache, podrían permitir a usuarios locales obtener privilegios a través de (1) un argumento de línea de comando largo y (2) una línea larga en un archivo. NOTA: debido a que htpasswd normalmente es instalado como un programa no setuid y la explotación es a través de las opciones de línea de comando, quizás esta cuestión no debería incluirse en la CVE. • http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html http://issues.apache.org/bugzilla/show_bug.cgi?id=31975 http://issues.apache.org/bugzilla/show_bug.cgi?id=41279 http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html http://marc.info/?l=thttpd&m=114153031201867&w=2 http://marc.info/?l=thttpd&m=114154083000296&w=2 http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html http://seclists.org/ •
CVE-2005-3124
https://notcve.org/view.php?id=CVE-2005-3124
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. • http://secunia.com/advisories/17454 http://secunia.com/advisories/17472 http://www.debian.org/security/2005/dsa-883 http://www.securityfocus.com/bid/15320 http://www.vupen.com/english/advisories/2005/2308 •
CVE-2004-2628 – Acme thttpd 2.0.7 - Directory Traversal
https://notcve.org/view.php?id=CVE-2004-2628
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:"). • https://www.exploit-db.com/exploits/24350 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html http://marc.info/?l=bugtraq&m=109164010629836&w=2 http://securitytracker.com/alerts/2004/Aug/1010850.html http://www.acme.com/software/thttpd/#releasenotes http://www.osvdb.org/displayvuln.php?osvdb_id=8372 http://www.securityfocus.com/bid/10862 https://exchange.xforce.ibmcloud.com/vulnerabilities/16882 •
CVE-2003-0899 – thttpd 2.2x - 'defang' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2003-0899
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. Desbordamiento de búfer en la función defang en libhttpd.c de thttpd 2.21 a 2.23b1, permite a atacantes remotos ejecutar código de su elección mediante peticiones que contienen caracteres '<' ó '>' que provocan el desbordamiento cuando son expandidos a las secuencias "<" y ">". • https://www.exploit-db.com/exploits/23305 https://www.exploit-db.com/exploits/23306 http://marc.info/?l=bugtraq&m=106729188224252&w=2 http://secunia.com/advisories/10092 http://www.osvdb.org/2729 http://www.securityfocus.com/bid/8906 http://www.texonet.com/advisories/TEXONET-20030908.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 https://www.debian.org/security/2003/dsa-396 • CWE-131: Incorrect Calculation of Buffer Size •