
CVSS: 7.5 | EPSS: 9% | CPEs: 1 | EXPL: 2

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
• https://www.exploit-db.com/exploits/21422
• http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
• http://www.acme.com/software/thttpd/#releasenotes
• http://www.ifrance.com/kitetoua/tuto/5holes1.txt
• http://www.iss.net/security_center/static/9029.php
• http://www.osvdb.org/5125
• http://www.securityfocus.com/bid/4601

CVSS: 9.8 | EPSS: 7% | CPEs: 1 | EXPL: 0

Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
• http://www.securityfocus.com/archive/1/241310
• http://www.securityfocus.com/archive/1/241953
• http://www.securityfocus.com/bid/3562
• https://exchange.xforce.ibmcloud.com/vulnerabilities/7595
• CWE-193: Off-by-one Error

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
• http://marc.info/?l=bugtraq&m=100568999726036&w=2
• http://www.acme.com/software/thttpd
• CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 7.5 | EPSS: 1% | CPEs: 4 | EXPL: 1

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
• ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
• http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
• http://www.securityfocus.com/bid/1737
• https://exchange.xforce.ibmcloud.com/vulnerabilities/5313

CVSS: 10.0 | EPSS: 0% | CPEs: 7 | EXPL: 0

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
• http://archives.neohapsis.com/archives/bugtraq/1626.html
• http://www.novell.com/linux/security/advisories/suse_security_announce_30.html
• http://www.securityfocus.com/bid/1248