Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-2841
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All references and descriptions in this candidate have ...
9.8
CVSSv3
CVE-2019-11072
lighttpd prior to 1.4.54 has a signed integer overflow, which might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_...
Lighttpd Lighttpd
2 Github repositories
9.8
CVSSv3
CVE-2019-10655
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 prior to 1.0.3.219 Beta, and GXV3240 prior to 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a...
Grandstream Gac2500 Firmware
Grandstream Gvc3202 Firmware
Grandstream Gxv3275 Firmware
Grandstream Gxv3240 Firmware
Grandstream Gxp2200 Firmware
7.5
CVSSv3
CVE-2018-19052
An issue exists in mod_alias_physical_handler in mod_alias.c in lighttpd prior to 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, b...
Lighttpd Lighttpd
Opensuse Backports Sle 15.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Suse Linux Enterprise Server 11
Suse Suse Linux Enterprise Server 12
Debian Debian Linux 9.0
3 Github repositories
8.8
CVSSv3
CVE-2017-16524
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated malicious users to upload and execute arbitrary PHP code via a filename with a .php extension, which is then ac...
Hanwhasecurity Web Viewer 1.0.0.193
1 EDB exploit
1 Github repository
NA
CVE-2016-1000212
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or i...
8.6
CVSSv3
CVE-2015-8279
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote malicious users to read arbitrary files via a request to an unspecified PHP script.
Samsung Web Viewer
2 Metasploit modules
1 Github repository
7.5
CVSSv3
CVE-2015-3200
mod_auth in lighttpd prior to 1.4.36 allows remote malicious users to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Lighttpd Lighttpd
Hp Virtual Customer Access System
Oracle Solaris 11.3
NA
CVE-2014-8005
Race condition in the lighttpd module in Cisco IOS XR 5.1 and previous versions on Network Convergence System 6000 devices allows remote malicious users to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
Cisco Ios Xr
NA
CVE-2014-2334
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer prior to 5.0.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Fortinet Fortianalyzer Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »