Search criteria
15 vulnerabilities by acme_labs
CVE-2007-0664 (GCVE-0-2007-0664)
Vulnerability from cvelistv5 – Published: 2007-02-02 00:00 – Updated: 2024-08-07 12:26
VLAI?
Summary
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:30.124869",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0664",
"datePublished": "2007-02-02T00:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4248 (GCVE-0-2006-4248)
Vulnerability from cvelistv5 – Published: 2006-10-31 19:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-08T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22712"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-4248",
"datePublished": "2006-10-31T19:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1078 (GCVE-0-2006-1078)
Vulnerability from cvelistv5 – Published: 2006-03-09 00:00 – Updated: 2025-01-16 20:02
VLAI?
Summary
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
8.4 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-1078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:01:08.855744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T20:02:13.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:25.293891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1078",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2025-01-16T20:02:13.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1079 (GCVE-0-2006-1079)
Vulnerability from cvelistv5 – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:23.451395",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1079",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4162 (GCVE-0-2005-4162)
Vulnerability from cvelistv5 – Published: 2005-12-11 11:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15779"
},
{
"name": "1015332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015332"
},
{
"name": "21540",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21540"
},
{
"name": "20051208 Perl cal XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0315.html"
},
{
"name": "17953",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17953"
},
{
"name": "ADV-2005-2810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.perlcal.com/calendar/docs/bugs.txt"
},
{
"name": "perlcal-calmake-xss(23534)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15779"
},
{
"name": "1015332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015332"
},
{
"name": "21540",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21540"
},
{
"name": "20051208 Perl cal XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0315.html"
},
{
"name": "17953",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17953"
},
{
"name": "ADV-2005-2810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.perlcal.com/calendar/docs/bugs.txt"
},
{
"name": "perlcal-calmake-xss(23534)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15779"
},
{
"name": "1015332",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015332"
},
{
"name": "21540",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21540"
},
{
"name": "20051208 Perl cal XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0315.html"
},
{
"name": "17953",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17953"
},
{
"name": "ADV-2005-2810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2810"
},
{
"name": "http://www.perlcal.com/calendar/docs/bugs.txt",
"refsource": "CONFIRM",
"url": "http://www.perlcal.com/calendar/docs/bugs.txt"
},
{
"name": "perlcal-calmake-xss(23534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4162",
"datePublished": "2005-12-11T11:00:00",
"dateReserved": "2005-12-11T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2628 (GCVE-0-2004-2628)
Vulnerability from cvelistv5 – Published: 2005-12-04 22:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040804 Bug@thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "MISC",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2628",
"datePublished": "2005-12-04T22:00:00",
"dateReserved": "2005-12-04T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3124 (GCVE-0-2005-3124)
Vulnerability from cvelistv5 – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-20T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-883",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3124",
"datePublished": "2005-11-06T11:00:00",
"dateReserved": "2005-10-03T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1496 (GCVE-0-2001-1496)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1496",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0899 (GCVE-0-2003-0899)
Vulnerability from cvelistv5 – Published: 2003-10-30 05:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2729"
},
{
"name": "http://www.texonet.com/advisories/TEXONET-20030908.txt",
"refsource": "MISC",
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0899",
"datePublished": "2003-10-30T05:00:00",
"dateReserved": "2003-10-28T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1562 (GCVE-0-2002-1562)
Vulnerability from cvelistv5 – Published: 2003-04-26 04:00 – Updated: 2024-08-08 03:26
VLAI?
Summary
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.php.net/article.php?group=php.cvs\u0026article=15698",
"refsource": "CONFIRM",
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"name": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1562",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-04-22T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0748 (GCVE-0-2001-0748)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 04:30
VLAI?
Summary
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml"
},
{
"name": "2809",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2809"
},
{
"name": "20010531 Acme.Server v1.7 of 13nov96 Directory Browsing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/188141"
},
{
"name": "acme-serve-directory-traversal(6634)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/6634.php"
},
{
"name": "5544",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-26T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml"
},
{
"name": "2809",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2809"
},
{
"name": "20010531 Acme.Server v1.7 of 13nov96 Directory Browsing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/188141"
},
{
"name": "acme-serve-directory-traversal(6634)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/6634.php"
},
{
"name": "5544",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml"
},
{
"name": "2809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2809"
},
{
"name": "20010531 Acme.Server v1.7 of 13nov96 Directory Browsing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/188141"
},
{
"name": "acme-serve-directory-traversal(6634)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/6634.php"
},
{
"name": "5544",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0748",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2001-10-12T00:00:00",
"dateUpdated": "2024-08-08T04:30:06.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0733 (GCVE-0-2002-0733)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
VLAI?
Summary
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0733",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0463 (GCVE-0-2001-0463)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:21
VLAI?
Summary
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.perlcal.com/calendar/docs/bugs.txt"
},
{
"name": "2663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2663"
},
{
"name": "20010427 PerlCal (CGI) show files vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html"
},
{
"name": "perlcal-calmake-directory-traversal(6480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.perlcal.com/calendar/docs/bugs.txt"
},
{
"name": "2663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2663"
},
{
"name": "20010427 PerlCal (CGI) show files vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html"
},
{
"name": "perlcal-calmake-directory-traversal(6480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6480"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.perlcal.com/calendar/docs/bugs.txt",
"refsource": "CONFIRM",
"url": "http://www.perlcal.com/calendar/docs/bugs.txt"
},
{
"name": "2663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2663"
},
{
"name": "20010427 PerlCal (CGI) show files vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html"
},
{
"name": "perlcal-calmake-directory-traversal(6480)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6480"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0463",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0900 (GCVE-0-2000-0900)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI?
Summary
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0900",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0359 (GCVE-0-2000-0359)
Vulnerability from cvelistv5 – Published: 2000-07-12 04:00 – Updated: 2024-08-08 05:14
VLAI?
Summary
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0359",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-05-23T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}