Download
| Alert*
oval:org.secpod.oval:def:601232
Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module . This only affects installations with the lighttpd-mod-my ... oval:org.secpod.oval:def:1600127 Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. in the host name, related to request_check_hostname.SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows r ... oval:org.secpod.oval:def:2000101 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:1901505 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... |