CVE-2024-0263 – ACME Ultra Mini HTTPd HTTP GET Request denial of service
https://notcve.org/view.php?id=CVE-2024-0263
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://0day.today/exploit/description/39212 https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html https://vuldb.com/?ctiid.249819 https://vuldb.com/?id.249819 https://www.youtube.com/watch?v=HWOGeg3e5As • CWE-404: Improper Resource Shutdown or Release •
CVE-2023-47793 – Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback
https://notcve.org/view.php?id=CVE-2023-47793
The Acme Fix Images plugin for WordPress is vulnerable to unauthorized access to the acme_fix_images_ajax_callback function in versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to resize images. • CWE-862: Missing Authorization •
CVE-2023-38198
https://notcve.org/view.php?id=CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. • http://www.openwall.com/lists/oss-security/2023/07/13/1 https://github.com/acmesh-official/acme.sh/issues/4659 https://github.com/acmesh-official/acme.sh/releases/tag/3.0.6 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/heXVr8o83Ys https://news.ycombinator.com/item?id=36252310 https://news.ycombinator.com/item?id=36254093 https://www.reddit.com/r/netsec/comments/144ygg7/acmesh_runs_arbitrary_commands_from_a_remote • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-0158
https://notcve.org/view.php?id=CVE-2007-0158
thttpd 2007 has a buffer underflow. • http://taviso.decsystem.org/research.t2t • CWE-787: Out-of-bounds Write •
CVE-2012-5640
https://notcve.org/view.php?id=CVE-2012-5640
thttpd has a local DoS vulnerability via specially-crafted .htpasswd files. • http://www.openwall.com/lists/oss-security/2012/12/15/1 https://access.redhat.com/security/cve/cve-2012-5640 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5640 https://security-tracker.debian.org/tracker/CVE-2012-5640 • CWE-476: NULL Pointer Dereference •