379 matches found

securityvulns
added 2003/06/06 12:0 a.m., 35 views

Monkey Http Daemon

After reading the PHP XSS "exploit" I don't know if it qualifies as one in phpinfo, I found out that on the default page of the Monkey Http Daemon, there is a Test of Supports section. Two links are included: http://whateverhost/php/index.php and http://whateverhost/cgi-bin/test.pl index.php just...

0.4 AI score
Exploits 0

NVD
added 2003/05/12 4:0 a.m., 12 views

CVE-2003-0218

Buffer overflow in PostMethod function for Monkey HTTP Daemon monkeyd 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body...

7.5 CVSS, 7.9 AI score, 0.06683 EPSS
Exploits 1, References 5

Tenable Nessus
added 2003/05/08 12:0 a.m., 45 views

HappyMall Multiple Script Arbitrary Command Execution

There is a flaw in HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon (typically root or nobody) by making a request like: /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...

7.5 CVSS, 5.5 AI score, 0.04213 EPSS
Exploits 1, References 2

Tenable Nessus
added 2003/05/06 12:0 a.m., 23 views

Mike Bobbitt's album.pl Alternative Configuration File Remote Command Execution

The remote host is running a version of the CGI 'album.pl' which is older than version 6.2. According to its version number, this CGI may allow an attacker to execute arbitrary commands on this host with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5 CVSS, 5.9 AI score, 0.03897 EPSS
Exploits 0, References 2

CVE
added 2003/04/29 4:0 a.m., 51 views

CVE-2003-0218

The CVE-2003-0218 entry concerns Monkey HTTP Server (monkeyd) up to version 0.6.1. A buffer overflow in PostMethod(), triggered by a POST with a large body, is described as allowing remote code execution or a server crash. Public details across sources consistently note that vulnerable software...

7.5 CVSS, 8 AI score, 0.06683 EPSS
Exploits 1, References 5, Affected Software 1

Cvelist
added 2003/04/29 4:0 a.m., 13 views

CVE-2003-0218

Buffer overflow in PostMethod function for Monkey HTTP Daemon monkeyd 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body...

7.9 AI score, 0.06683 EPSS
Exploits 1, References 5

Tenable Nessus
added 2003/04/24 12:0 a.m., 28 views

Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access

The remote host includes a CGI /cgi-bin/readfile.tcl which allows anyone to read arbitrary files on the remote host with the privileges of the HTTP daemon (typically 'nobody'). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From: Jonas Eriksson mailto:[email protected] Date: 23/04/2003 To:...

5.8 AI score
Exploits 0, References 1

Tenable Nessus
added 2003/04/22 12:0 a.m., 122 views

Monkey HTTP Daemon (monkeyd) PostMethod() Function Remote Overflow

The version of Monkey web server that you are running is vulnerable to a buffer overflow on a POST command with too much data. It is possible to make this web server crash or execute arbitrary code. C Tenable Network Security, Inc. Ref: From: "Matthew Murphy" To: "BugTraq" Subject: Monkey HTTPd...

7.5 CVSS, 6.4 AI score, 0.06683 EPSS
Exploits 1, References 1

Packet Storm
added 2003/04/21 12:0 a.m., 30 views

monkeyHTTPd.txt

Monkey HTTP Daemon Remote Buffer Overflow ABSTRACT "Monkey is a Web server written in C that works under Linux. This is an open source project based on the HTTP/1.1 protocol. The objective is to develop a fast, efficient, small and easy to configure web server." quote from...

7.4 AI score
Exploits 0

securityvulns
added 2003/04/21 12:0 a.m., 49 views

[UNIX] Monkey HTTP Daemon Remote Buffer Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion In the US? Contact Beyond Security at our new California office housewarming rates on automated network vulnerability scanning. We also...

Exploits 0

Exploit DB
added 2003/03/24 12:0 a.m., 20 views

Monkey HTTP Daemon 0.4/0.5/0.6 - Excessive POST Data Buffer Overflow

source: https://www.securityfocus.com/bid/7202/info Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote attacker to corrupt sensitive regions of memory with attacker-supplie...

7.4 AI score
Exploits 0

exploitpack
added 2003/03/24 12:0 a.m., 9 views

Monkey HTTP Daemon 0.4/0.5/0.6 - Excessive POST Data Buffer Overflow

Monkey HTTP Daemon 0.4/0.5/0.6 - Excessive POST Data Buffer Overflow source: https://www.securityfocus.com/bid/7202/info Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote...

0.2 AI score
Exploits 0

NVD
added 2002/12/31 5:0 a.m., 16 views

CVE-2002-2154

Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences...

5 CVSS, 6.7 AI score, 0.04017 EPSS
Exploits 1, References 3

NVD
added 2002/12/31 5:0 a.m., 19 views

CVE-2002-1850

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...

7.5 CVSS, 7.4 AI score, 0.02205 EPSS
Exploits 1, References 9

NVD
added 2002/12/31 5:0 a.m., 9 views

CVE-2002-1663

The PostMethod function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value...

5 CVSS, 6.7 AI score, 0.06654 EPSS
Exploits 1, References 6

securityvulns
added 2002/10/15 12:0 a.m., 60 views

Pyramid Research Project - ghttpd security advisorie

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -=================================================================- SECURITY ADVISORY PYR/MID, Research Project - 100702 Members: Apm, flea, thread Title: GazTek HTTP Daemon v1.4-3 Buffer Overflow Author: flea Vulnerable GazTek HTTP Daemon = v1.4-3...

0.1 AI score
Exploits 0

securityvulns
added 2002/10/15 12:0 a.m., 36 views

Pyramid Research Project - atphttpd security advisorie

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -=================================================================- SECURITY ADVISORY PYR/MID, Research Project - 101002 Members: Apm, flea, thread Title: ATP HTTP Daemon v0.4b Buffer Overflow Author: thread Vulnerable: ATP HTTP Daemon = v0.4b...

Exploits 0

CVE
added 2002/10/05 4:0 a.m., 101 views

CVE-2002-0839

CVE-2002-0839 affects Apache 1.3.x prior to 1.3.27. The vulnerability stems from the shared memory scoreboard in the HTTP daemon, where a user running as the Apache UID can modify parent[].pid and parent[].last_rtime, enabling the process to receive a SIGUSR1 signal with potential root-level effe...

7.2 CVSS, 6.5 AI score, 0.00141 EPSS
Exploits 0, References 23, Affected Software 1

exploitpack
added 2001/09/21 12:0 a.m., 29 views

3Com OfficeConnect DSL Router 812 1.1.7840 1.1.7 - HTTP Port Router Denial of Service

3Com OfficeConnect DSL Router 812 1.1.7840 1.1.7 - HTTP Port Router Denial of Service // source: https://www.securityfocus.com/bid/2721/info OfficeConnect 812 is a DSL router manufactured by 3Com, and distributed by numerous DSL providers. OfficeConnect 812 is an integrated ADSL router with an...

7.3 AI score
Exploits 0

Tenable Nessus
added 2001/08/04 12:0 a.m., 335 views

Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities

The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10712...

5 CVSS, 5.6 AI score, 0.01964 EPSS
Exploits 0, References 2