VYPR

Htdig

by Htdig

CVEs (6)

  • CVE-2007-6110Nov 23, 2007
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

  • CVE-2000-0208Feb 29, 2000
    risk 0.03cvss epss 0.06

    The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.

  • CVE-2005-0085Apr 27, 2005
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

  • CVE-2002-2010Dec 31, 2002
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

  • CVE-2001-0834Dec 6, 2001
    risk 0.00cvss epss 0.03

    htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read…

  • CVE-2000-1191Aug 31, 2001
    risk 0.00cvss epss 0.03

    htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.