CVE-2004-2628 – Acme thttpd 2.0.7 - Directory Traversal
https://notcve.org/view.php?id=CVE-2004-2628
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:"). • https://www.exploit-db.com/exploits/24350 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html http://marc.info/?l=bugtraq&m=109164010629836&w=2 http://securitytracker.com/alerts/2004/Aug/1010850.html http://www.acme.com/software/thttpd/#releasenotes http://www.osvdb.org/displayvuln.php?osvdb_id=8372 http://www.securityfocus.com/bid/10862 https://exchange.xforce.ibmcloud.com/vulnerabilities/16882 •
CVE-2003-0899 – thttpd 2.2x - 'defang' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2003-0899
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. Desbordamiento de búfer en la función defang en libhttpd.c de thttpd 2.21 a 2.23b1, permite a atacantes remotos ejecutar código de su elección mediante peticiones que contienen caracteres '<' ó '>' que provocan el desbordamiento cuando son expandidos a las secuencias "<" y ">". • https://www.exploit-db.com/exploits/23305 https://www.exploit-db.com/exploits/23306 http://marc.info/?l=bugtraq&m=106729188224252&w=2 http://secunia.com/advisories/10092 http://www.osvdb.org/2729 http://www.securityfocus.com/bid/8906 http://www.texonet.com/advisories/TEXONET-20030908.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 https://www.debian.org/security/2003/dsa-396 • CWE-131: Incorrect Calculation of Buffer Size •
CVE-2002-1562
https://notcve.org/view.php?id=CVE-2002-1562
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header. Vulnerabilidad de atravesamiento de directorios en thttpd, cuando se usan servidores virtuales, permite a atacantes remotos leer ficheros mediante secuencias .. (punto punto) en la cabecera Host: • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000777 http://marc.info/?l=thttpd&m=103609565110472&w=2 http://news.php.net/article.php?group=php.cvs&article=15698 https://www.debian.org/security/2003/dsa-396 •
CVE-2002-0733 – ACME Labs thttpd 2.20 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. Vulnerabilidad de secuencia de comandos en sitios cruzados en thttpd 2.20 y anteriores permite a atacantes remotos la ejecución arbitraria de rutinas mediante una URL a una página inexistente, lo cual provoca que thttpd inserte la rutina en un mensaje de error 404. • https://www.exploit-db.com/exploits/21422 http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html http://www.acme.com/software/thttpd/#releasenotes http://www.ifrance.com/kitetoua/tuto/5holes1.txt http://www.iss.net/security_center/static/9029.php http://www.osvdb.org/5125 http://www.securityfocus.com/bid/4601 •
CVE-2001-1496
https://notcve.org/view.php?id=CVE-2001-1496
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. • http://www.securityfocus.com/archive/1/241310 http://www.securityfocus.com/archive/1/241953 http://www.securityfocus.com/bid/3562 https://exchange.xforce.ibmcloud.com/vulnerabilities/7595 • CWE-193: Off-by-one Error •