Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2015-8279
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote malicious users to read arbitrary files via a request to an unspecified PHP script.
Samsung Web Viewer
2 Metasploit modules
1 Github repository
7.5
CVSSv3
CVE-2015-3200
mod_auth in lighttpd prior to 1.4.36 allows remote malicious users to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Lighttpd Lighttpd
Hp Virtual Customer Access System
Oracle Solaris 11.3
NA
CVE-2014-8005
Race condition in the lighttpd module in Cisco IOS XR 5.1 and previous versions on Network Convergence System 6000 devices allows remote malicious users to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
Cisco Ios Xr
NA
CVE-2014-2334
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer prior to 5.0.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Fortinet Fortianalyzer Firmware
NA
CVE-2014-2469
Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows malicious users to cause a denial of service via unknown vectors.
Oracle Sunos 5.11.1
9.8
CVSSv3
CVE-2014-2323
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd prior to 1.4.35 allows remote malicious users to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Suse Linux Enterprise High Availability Extension 11
Suse Linux Enterprise Software Development Kit 11
1 Github repository
NA
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd prior to 1.4.35 allow remote malicious users to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Suse Linux Enterprise High Availability Extension 11
Suse Linux Enterprise Software Development Kit 11
Contec Sv-cpt-mc310 Firmware
2 Github repositories
NA
CVE-2013-4559
lighttpd prior to 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote malicious users to gain privileges, as demonstrated by multiple calls to the clone fu...
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
NA
CVE-2013-4560
Use-after-free vulnerability in lighttpd prior to 1.4.33 allows remote malicious users to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
7.5
CVSSv3
CVE-2013-4508
lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »