Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51631
D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to ex...
NA
CVE-2007-2841
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All references and descriptions in this candidate have ...
NA
CVE-2016-1000212
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or i...
NA
CVE-2014-8005
Race condition in the lighttpd module in Cisco IOS XR 5.1 and previous versions on Network Convergence System 6000 devices allows remote malicious users to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
Cisco Ios Xr
NA
CVE-2014-2334
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer prior to 5.0.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Fortinet Fortianalyzer Firmware
NA
CVE-2014-2469
Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows malicious users to cause a denial of service via unknown vectors.
Oracle Sunos 5.11.1
NA
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd prior to 1.4.35 allow remote malicious users to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Suse Linux Enterprise High Availability Extension 11
Suse Linux Enterprise Software Development Kit 11
Contec Sv-cpt-mc310 Firmware
2 Github repositories
NA
CVE-2013-4559
lighttpd prior to 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote malicious users to gain privileges, as demonstrated by multiple calls to the clone fu...
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
NA
CVE-2013-4560
Use-after-free vulnerability in lighttpd prior to 1.4.33 allows remote malicious users to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
NA
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd prior to 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a diffe...
Lighttpd Lighttpd 1.4.23
Lighttpd Lighttpd 1.4.22
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd
Lighttpd Lighttpd 1.4.26
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.4.25
Lighttpd Lighttpd 1.4.24
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »