Vulmon
lighttpd lighttpd vulnerabilities and exploits
890
VMScore
CVE-2018-14067
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may over...
Greenpacket Dv-360 Firmware 2.10.14-g1.0.6.1
739
VMScore
CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote malicious users to bypass url.access-deny settings.
Lighttpd Lighttpd
694
VMScore
CVE-2007-1870
lighttpd prior to 1.4.14 allows malicious users to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.7
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.8
676
VMScore
CVE-2013-4559
lighttpd prior to 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote malicious users to gain privileges, as demonstrated by multiple calls to the clone fu...
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
668
VMScore
CVE-2019-11072
lighttpd prior to 1.4.54 has a signed integer overflow, which might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_...
Lighttpd Lighttpd
2 Github repositories
668
VMScore
CVE-2019-10655
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 prior to 1.0.3.219 Beta, and GXV3240 prior to 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a...
Grandstream Gac2500 Firmware
Grandstream Gvc3202 Firmware
Grandstream Gxv3275 Firmware
Grandstream Gxv3240 Firmware
Grandstream Gxp2200 Firmware
668
VMScore
CVE-2014-2323
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd prior to 1.4.35 allows remote malicious users to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Suse Linux Enterprise High Availability Extension 11
Suse Linux Enterprise Software Development Kit 11
1 Github repository
668
VMScore
CVE-2008-4359
lighttpd prior to 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote malicious users to bypass intended access restrictions, and obtain sensitive information or possibly modi...
Lighttpd Lighttpd
Debian Debian Linux 4.0
668
VMScore
CVE-2008-4360
mod_userdir in lighttpd prior to 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote malicious users to bypass intended access restrictions, as demons...
Lighttpd Lighttpd
Debian Debian Linux 4.0
655
VMScore
CVE-2017-16524
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated malicious users to upload and execute arbitrary PHP code via a filename with a .php extension, which is then ac...
Hanwhasecurity Web Viewer 1.0.0.193
1 EDB exploit
1 Github repository