95.154.22.171

Regular View Raw Data History
Last Seen: 2022-05-24

GeneralInformation

Hostnames 5F9A16AB.rev.sefiber.dk, router.asus.com, johnhaugaard.synology.me
Domains asus.comsefiber.dksynology.me
Country Denmark
City Kolding
Organization Stofa A/S
ISP Stofa A/S
ASN AS39642

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2014-2324 Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
CVE-2013-4508 lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
CVE-2013-4560 Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
CVE-2013-4559 lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
CVE-2014-2323 SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CVE-2011-4362 Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
CVE-2018-19052 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
-617665685 | 2022-05-15T00:14:12.736324
        
21 / tcp
-712030698 | 2022-05-09T23:10:19.785132
        
22 / tcp
962475772 | 2022-05-17T21:50:03.283226
        
25 / tcp
-955965624 | 2022-05-19T02:41:45.613735
        
80 / tcp
-631313943 | 2022-05-09T12:04:48.412822
        
81 / tcp
627497982 | 2022-05-14T03:02:32.441758
        
83 / tcp
83513731 | 2022-05-16T05:11:07.204691
        
84 / tcp
1172846970 | 2022-05-12T08:23:04.680379
        
110 / tcp
1388729976 | 2022-05-02T07:46:41.662408
        
143 / tcp
-955965624 | 2022-05-19T07:14:53.212542
        
443 / tcp
1491504413 | 2022-04-27T20:41:15.582729
        
587 / tcp
2065750120 | 2022-05-13T05:33:38.943798
        
993 / tcp
-1021383519 | 2022-05-22T02:18:16.612347
        
995 / tcp
-1477097694 | 2022-05-12T02:53:10.810107
        
5000 / tcp
-1712516925 | 2022-05-15T15:37:08.320640
        
5001 / tcp
-68731459 | 2022-05-24T08:08:29.025417
        
8081 / tcp
1633426721 | 2022-05-17T10:33:38.751971
        
8443 / tcp



Contact Us

Shodan ® - All rights reserved