366 matches found

RedhatCVE
added 2025/05/22 11:15 a.m. · 5 views

CVE-2013-2183

Monkey HTTP Daemon has local security bypass...

CVSS 7.1 · AI score 6.9 · EPSS 0.00052
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 6:17 a.m. · 7 views

CVE-2013-2159

Monkey HTTP Daemon: broken user name authentication...

CVSS 9.8 · AI score 7 · EPSS 0.00459
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 5:37 a.m. · 4 views

CVE-2013-2181

Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name...

CVSS 4.3 · AI score 6 · EPSS 0.00252
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 2:27 a.m. · 6 views

CVE-2012-4442

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check...

CVSS 4.7 · AI score 6.7 · EPSS 0.00062
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 8:34 p.m. · 6 views

CVE-2002-2154

Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences...

CVSS 5 · AI score 7.1 · EPSS 0.04017
Exploits 1 · References 1

RedhatCVE
added 2025/05/21 6:24 p.m. · 3 views

CVE-1999-0267

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution...

CVSS 7.5 · AI score 7.5 · EPSS 0.06259
Exploits 0 · References 1

RedhatCVE
added 2025/02/06 4:20 a.m. · 7 views

CVE-2021-4030

A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts...

CVSS 8.8 · AI score 7.5 · EPSS 0.00143
Exploits 0 · References 3

Positive Technologies
added 2024/11/22 12:0 a.m. · 3 views

PT-2024-35418 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.1041 B20240224 Description: The issue arises from the use of the Uci Set function without strict parameter filtering in the shttpd file. This allows an attacker to achieve arbitrary command execution by...

CVSS 9.8 · AI score 7.7 · EPSS 0.00313
Exploits 0 · References 4

OSV
added 2024/10/11 4:15 p.m. · 0 views

CVE-2024-47497

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to...

CVSS 8.7 · AI score 5.7
Exploits 0 · References 1

NVD
added 2024/10/11 4:15 p.m. · 8 views

CVE-2024-47497

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to...

CVSS 8.7 · EPSS 0.00157
Exploits 0 · References 1

CVE
added 2024/10/11 3:28 p.m. · 47 views

CVE-2024-47497

CVE-2024-47497 affects Juniper Junos OS on SRX, QFX, MX and EX Series. The vulnerability is an Uncontrolled Resource Consumption in the httpd process when handling certain HTTPS requests, causing unauthenticated, network-based DoS via resource exhaustion and device restart. Affected versions incl...

CVSS 8.7 · AI score 7.6 · EPSS 0.00157
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/10/11 3:28 p.m. · 16 views

CVE-2024-47497 Junos OS: SRX Series, QFX Series, MX Series and EX Series: Receiving specific HTTPS traffic causes resource exhaustion

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to...

CVSS 8.7 · EPSS 0.00157
Exploits 0 · References 1

Tenable Nessus
added 2024/10/09 12:0 a.m. · 15 views

Juniper Junos OS Vulnerability (JSA88124)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA88124 advisory. - An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an...

CVSS 8.7 · AI score 5.9 · EPSS 0.00157
Exploits 0 · References 2

Positive Technologies
added 2024/09/25 12:0 a.m. · 4 views

PT-2024-7142 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.4R3-S7 Junos OS versions 22.2 prior to 22.2R3-S4 Junos OS versions 22.3 prior to 22.3R3-S3 Junos OS versions 22.4 prior to 22.4R3-S2 Junos OS versions 23.2 prior to 23.2R2-S1 Junos OS versions 23.4 prior to...

CVSS 8.7 · AI score 7.3 · EPSS 0.00157
Exploits 0 · References 7

0day.today
added 2024/08/27 12:0 a.m. · 164 views

HughesNet HT2000W Satellite Modem - Password Reset Exploit

Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib red = "\0330;41m...

CVSS 9.8 · AI score 7.4 · EPSS 0.94401
Exploits 5

Redos
added 2024/08/16 12:0 a.m. · 14 views

ROS-20240816-03

Vulnerability of HTTP Daemon is related to inconsistent interpretation of HTTP requests when processing 'Content-Length' string values. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by sending...

CVSS 7.3 · AI score 7.3 · EPSS 0.00531
Exploits 1

RedHat Linux
added 2024/07/31 2:59 p.m. · 3 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

CVSS 7.5 · AI score 7 · EPSS 0.01924
Exploits 0 · References 5

RedHat Linux
added 2024/07/23 8:59 a.m. · 2 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

CVSS 9.1 · AI score 7.4 · EPSS 0.93858
Exploits 1 · References 6

OSV
added 2024/07/01 7:15 p.m. · 1 views

AZL-43119 CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVSS 5.4 · AI score 6.4 · EPSS 0.00187
Exploits 0 · References 1

OSV
added 2024/06/15 12:0 a.m. · 15 views

OPENSUSE-SU-2024:12216-1 perl-HTTP-Daemon-6.14-2.1 on GA media

These are all security issues fixed in the perl-HTTP-Daemon-6.14-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.3 · AI score 6.9 · EPSS 0.00531
Exploits 1 · References 1