CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Nov 2005 — syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. The Debian Security Audit team has discovered that the syslogtocern script from thttpd, a tiny webserver, uses a temporary file insecurely, allowing a local attacker to craft a symlink attack to overwrite arbitrary files. • http://secunia.com/advisories/17454 •

CVSS: 7.5 • EPSS: 8% • CPEs: 1 • EXPL: 4

31 Dec 2004 — Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:"). • https://www.exploit-db.com/exploits/24350 •

CVSS: 9.8 • EPSS: 36% • CPEs: 3 • EXPL: 4

30 Oct 2003 — Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences. • https://www.exploit-db.com/exploits/23305 • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

26 Apr 2003 — Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000777 •

CVSS: 7.5 • EPSS: 9% • CPEs: 1 • EXPL: 2

12 Aug 2002 — Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. • https://www.exploit-db.com/exploits/21422 •

CVSS: 9.8 • EPSS: 19% • CPEs: 1 • EXPL: 0

31 Dec 2001 — Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. • http://www.securityfocus.com/archive/1/241310 • CWE-193: Off-by-one Error •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Nov 2001 — Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. • http://marc.info/?l=bugtraq&m=100568999726036&w=2 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Nov 2001 — Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. • http://marc.info/?l=bugtraq&m=100568999726036&w=2 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.5 • EPSS: 12% • CPEs: 1 • EXPL: 1

18 Oct 2001 — Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI. • https://www.exploit-db.com/exploits/20894 • CWE-20: Improper Input Validation •

CVSS: 7.5 • EPSS: 6% • CPEs: 15 • EXPL: 2

27 Jun 2001 — Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. • https://www.exploit-db.com/exploits/20808 •