Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling

A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only...

Internet Bug Bounty: mod_lua: Crash in websockets PING handling

A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...

Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling

A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...

Windows-Light-HTTPD-0.1

Buffer overflow in Light HTTPd lhttpd 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. import urllib2 from time import sleep def targURL: while True: URL = rawinput"\n Please enter the URL of the Light HTTP server you would like to PWN. Ex. http://192.168.1.1\n\n...

Ultra-Mini-HTTPD-1.21---POST

Exploit Title: Ultra Mini HTTPD stack buffer overflow POST request Date: 16 Feb 2014 Exploit Author: Sumit Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on: Windows XP Professional SP3 A buffer overflow is triggere...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the 1 PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or 2 COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi...

CVE-2011-5284

CVE-2011-5284 describes a Cross-site Request Forgery vulnerability in Smoothwall Express 3.1 and 3.0 SP3 and earlier, specifically in the web management interface’s httpd/cgi-bin/shutdown.cgi. The vulnerability allows an attacker to hijack an administrator’s authenticated session to perform reboo...

SmoothWall 3.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: SmoothWall 3.1 Multiple vulnerabilities Date: 21/12/2014 Author: Yann CAM @ Synetis Vendor or Software Link: www.smoothwall.org - www.smoothwall.org/download/ Version: 3.1 Category: CSRF password reset & XSS persistent Google dork: Tested on: Smoothwall Linux distribution Smoothwal...

CVE-2014-8108

The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...

Null pointer dereference

The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a REPORT request for a resource that does not exist...

CVE-2014-8108

The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...

CVE-2014-3580

CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource , causing a denial of service and server crash. Connected sources documen...

CVE-2014-3580

The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a REPORT request for a resource that does not exist...

CVE-2014-8108

The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...

CVE-2014-8108

The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...

UBUNTU-CVE-2014-3580

The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a REPORT request for a resource that does not exist...

FreeBSD : subversion -- DoS vulnerabilities (f5561ade-846c-11e4-b7a7-20cf30e32f6d)

Subversion Project reports : Subversion's moddavsvn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's moddavsvn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We...

subversion -- DoS vulnerabilities

Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's moddavsvn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We...

CVE-2014-7262

Cross-site scripting XSS vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string...

Cross site scripting

Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263...