
CVE-2024-0263 – ACME Ultra Mini HTTPd HTTP GET Request denial of service
https://notcve.org/view.php?id=CVE-2024-0263
07 Jan 2024 — A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://0day.today/exploit/description/39212 • CWE-404: Improper Resource Shutdown or Release •

CVE-2023-47793 – WordPress Acme Fix Images plugin <= 1.0.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47793
15 Nov 2023 — Missing Authorization vulnerability in acmethemes Acme Fix Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acme Fix Images: from n/a through 1.0.0. The Acme Fix Images plugin for WordPress is vulnerable to unauthorized access to the acme_fix_images_ajax_callback function in versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to resize images. • https://patchstack.com/database/wordpress/plugin/acme-fix-images/vulnerability/wordpress-acme-fix-images-plugin-1-0-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-38198
https://notcve.org/view.php?id=CVE-2023-38198
13 Jul 2023 — acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. • http://www.openwall.com/lists/oss-security/2023/07/13/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2007-0158
https://notcve.org/view.php?id=CVE-2007-0158
27 Dec 2019 — thttpd 2007 has buffer underflow. • http://taviso.decsystem.org/research.t2t • CWE-787: Out-of-bounds Write •

CVE-2012-5640
https://notcve.org/view.php?id=CVE-2012-5640
25 Nov 2019 — thttpd has a local DoS vulnerability via specially-crafted .htpasswd files. • http://www.openwall.com/lists/oss-security/2012/12/15/1 • CWE-476: NULL Pointer Dereference •

CVE-2018-18778
https://notcve.org/view.php?id=CVE-2018-18778
29 Oct 2018 — ACME mini_httpd before 1.30 lets remote users read arbitrary files. • https://github.com/auk0x01/CVE-2018-18778-Scanner • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-17663
https://notcve.org/view.php?id=CVE-2017-17663
06 Feb 2018 — The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. • http://acme.com/updates/archive/199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-1548
https://notcve.org/view.php?id=CVE-2015-1548
10 Feb 2015 — mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. • http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-4927 – ACME micro_httpd - Denial of Service
https://notcve.org/view.php?id=CVE-2014-4927
19 Jul 2014 — Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. ACME micro_httpd suf... • https://packetstorm.news/files/id/127544 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-0348
https://notcve.org/view.php?id=CVE-2013-0348
13 Dec 2013 — thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html • CWE-264: Permissions, Privileges, and Access Controls •