CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-17663
https://notcve.org/view.php?id=CVE-2017-17663
06 Feb 2018 — The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. La implementación htpasswd de mini_httpd, en versiones anteriores a la v1.28 y de thttpd, en versiones anteriores a la v2.28, se ha visto afectada por un desbordamiento de búfer que podría ser explotado de forma remota para ejecutar código. • http://acme.com/updates/archive/199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2007-0664 – m-privacy TightGate-Pro Code Execution / Insecure Permissions
https://notcve.org/view.php?id=CVE-2007-0664
02 Feb 2007 — thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files. thttpd anterior a 2.25b-r6 en Gentoo Linux es iniciado desde el directorio raíz del sistema (/) por el paquete de distribución base 1.12.6 de Gentoo, lo cual permite a atacantes remotos leer archivos de su elección. m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server... • https://packetstorm.news/files/id/175949 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3124
https://notcve.org/view.php?id=CVE-2005-3124
06 Nov 2005 — syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. • http://secunia.com/advisories/17454 •
CVSS: 9.8EPSS: 29%CPEs: 3EXPL: 4CVE-2003-0899 – thttpd 2.2x - 'defang' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2003-0899
30 Oct 2003 — Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. Desbordamiento de búfer en la función defang en libhttpd.c de thttpd 2.21 a 2.23b1, permite a atacantes remotos ejecutar código de su elección mediante peticiones que contienen caracteres '<' ó '>' que provocan el desbordamiento cuando son expandidos a la... • https://www.exploit-db.com/exploits/23305 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0892
https://notcve.org/view.php?id=CVE-2001-0892
13 Nov 2001 — Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. • http://marc.info/?l=bugtraq&m=100568999726036&w=2 • CWE-668: Exposure of Resource to Wrong Sphere •