366 matches found
Monkey HTTP Daemon 0.x - Missing Host Field Denial of Service
source: https://www.securityfocus.com/bid/9642/info Monkey HTTP Daemon is prone to denial of service attacks. HTTP GET requests that do not include a 'Host' header field will trigger this condition. The server will need to be...
Monkeyd Denial of Service vulnerability
Background: The Monkey HTTP daemon is a Web server written in C that works under Linux and is based on the HTTP/1.1 protocol. It aims to develop a fast, efficient and small web server. Description: A bug in the URI processing of incoming requests allows for a Denial of Service to be launched agains...
Monkey HTTP Daemon 0.x - Missing Host Field Denial of Service
source: https://www.securityfocus.com/bid/9642/info Monkey HTTP Daemon is prone to denial of service attacks. HTTP GET requests that do not include a 'Host' header field will trigger this condition. The server will need to be restarted to regain normal functionality...
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. (C) Tenable Network Security, Inc. Ref: Date: Tue, 23 Dec 2003 20:27:51 +0800 From: DrPonidi Haryanto Subject:...
CVE-2003-1209
The PostMethod function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service crash via a POST request without a Content-Type header...
Monkey HTTP Daemon (monkeyd) Post_Method Function Crafted Content-Length Header DoS
The remote Monkey Web Server crashes when it receives an incorrect POST command with an empty 'Content-Length:' field...
I2S-LAB-25-09-2003.txt
I2S LAB Security Advisory http://www.I2S-LAB.com Date : 25/09/2003 Affected systems : FirstClass build 133 SP3 and previous versions HTTP Daemon Vendor : http://www.centrinity.com Issue : Attackers can remotely shutdown internet services HTTP/FTP/SMTP/POP3/IMAP4/... Description FirstClass is a...
Monkey Http Daemon
After reading the PHP XSS "exploit" (I don't know if it qualifies as one) in phpinfo, I found out that on the default page of the Monkey Http Daemon, there is a Test of Supports section. Two links are included: http://whateverhost/php/index.php and http://whateverhost/cgi-bin/test.pl index.php just...
CVE-2003-0218
Buffer overflow in PostMethod function for Monkey HTTP Daemon monkeyd 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body...
HappyMall Multiple Script Arbitrary Command Execution
There is a flaw in HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon (typically root or nobody), by making a request like: /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...
Mike Bobbitt's album.pl Alternative Configuration File Remote Command Execution
The remote host is running a version of the CGI 'album.pl' which is older than version 6.2. According to its version number, this CGI may allow an attacker to execute arbitrary commands on this host with the privileges of the HTTP daemon. (C) Tenable Network Security, Inc...
CVE-2003-0218
The CVE-2003-0218 entry concerns Monkey HTTP Server (monkeyd) up to version 0.6.1. A buffer overflow in the PostMethod() function, triggered by a POST with a large body, is described as allowing remote code execution or a server crash. Public details across sources consistently note that vulnerable software...
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
The remote host includes a CGI /cgi-bin/readfile.tcl which allows anyone to read arbitrary files on the remote host with the privileges of the HTTP daemon (typically 'nobody'). (C) Tenable Network Security, Inc. Ref: From: Jonas Eriksson Date: 23/04/2003 To:...
Monkey HTTP Daemon (monkeyd) PostMethod() Function Remote Overflow
The version of Monkey web server that you are running is vulnerable to a buffer overflow on a POST command with too much data. It is possible to make this web server crash or execute arbitrary code. (C) Tenable Network Security, Inc. Ref: From: "Matthew Murphy" To: "BugTraq" Subject: Monkey HTTPd...
monkeyHTTPd.txt
Monkey HTTP Daemon Remote Buffer Overflow ABSTRACT "Monkey is a Web server written in C that works under Linux. This is an open source project based on the HTTP/1.1 protocol. The objective is to develop a fast, efficient, small and easy to configure web server." quote from...
[UNIX] Monkey HTTP Daemon Remote Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ...
Monkey HTTP Daemon 0.4/0.5/0.6 - Excessive POST Data Buffer Overflow
source: https://www.securityfocus.com/bid/7202/info Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote attacker to corrupt sensitive regions of memory with attacker-supplie...
Monkey HTTP Daemon 0.4/0.5/0.6 - Excessive POST Data Buffer Overflow
source: https://www.securityfocus.com/bid/7202/info Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote...
CVE-2002-2154
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences...