Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thttpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1562
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote malicious users to read arbitrary files via .. (dot dot) sequences in the Host: header.
Acme Labs Thttpd
9.8
CVSSv3
CVE-2007-0158
thttpd 2007 has buffer underflow.
Acme Thttpd 2007
NA
CVE-2009-4491
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a termin...
Acme Thttpd 2.25
1 EDB exploit
NA
CVE-2006-1079
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-s...
Acme Labs Thttpd 2.25b
NA
CVE-2006-1078
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setu...
Acme Labs Thttpd 2.25b
NA
CVE-2006-4248
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Acme Labs Thttpd 2.25b
NA
CVE-2004-2628
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote malicious users to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:&quo...
Acme Labs Thttpd 2.0.7 Beta 0.4
1 EDB exploit
NA
CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and previous versions allows remote malicious users to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
Acme Labs Thttpd 2.20b
1 EDB exploit
9.8
CVSSv3
CVE-2017-17663
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
Acme Thttpd
Acme Mini Httpd
NA
CVE-2013-0348
thttpd.c in sthttpd prior to 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
Open Source Development Team Sthttpd 2.26.3
Open Source Development Team Sthttpd 2.26
Open Source Development Team Sthttpd 2.26.1
Open Source Development Team Sthttpd 2.26.2
Open Source Development Team Sthttpd
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Gentoo Linux
Opensuse Opensuse 13.1
Acme Thttpd 2.25
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »