CVSS: 6.8EPSS: 4%CPEs: 27EXPL: 0CVE-2005-0085
https://notcve.org/view.php?id=CVE-2005-0085
15 Feb 2005 — Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ht://dig (htdig) anteriores a 3.1.6r7 permite a atacantes remotos ejecutar script web de su elección o HTML mediante el parámetro config, que no es limpiado adecuamante antes de ser mostrado en le men... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2002-2010
https://notcve.org/view.php?id=CVE-2002-2010
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0321.html •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2001-0834
https://notcve.org/view.php?id=CVE-2001-0834
06 Dec 2001 — htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429 •
CVSS: 5.3EPSS: 2%CPEs: 2EXPL: 0CVE-2000-1191
https://notcve.org/view.php?id=CVE-2000-1191
31 Aug 2001 — htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. • http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 1CVE-2000-0208 – The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion
https://notcve.org/view.php?id=CVE-2000-0208
29 Feb 2000 — The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. • https://www.exploit-db.com/exploits/19785 •