Apache Httpd < 2.4.9 : mod_log_config crash

A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

Apache Httpd < 2.2.27 : mod_log_config crash

A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

Ultra Mini HTTPd 1.21 - POST Remote Stack Buffer Overflow (2)

Ultra Mini HTTPd 1.21 - POST Remote Stack Buffer Overflow 2 !/usr/bin/python Title: Mini HTTPD stack buffer overflow POST exploit Author: TheColonial Date: 20 Feb 2013 Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Vendor Homepage: http://www.picolix.jp/ Version: 1.21 Tested...

Ultra Mini HTTPd 1.21 - &#039;POST&#039; Remote Stack Buffer Overflow (2)

!/usr/bin/python Title: Mini HTTPD stack buffer overflow POST exploit Author: TheColonial Date: 20 Feb 2013 Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Vendor Homepage: http://www.picolix.jp/ Version: 1.21 Tested on: Windows XP Professional SP3 Description: This is a...

Internet Bug Bounty: moderate: mod_deflate denial of service

A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...

Apache Httpd < 2.4.10 : mod_deflate denial of service

A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...

Apache Httpd < 2.2.29 : mod_deflate denial of service

A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...

Ultra Mini HTTPd 1.21 - &#039;POST&#039; Remote Stack Buffer Overflow (1)

Exploit Title: Ultra Mini HTTPD stack buffer overflow POST request Date: 16 Feb 2014 Exploit Author: Sumit Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on: Windows XP Professional SP3 Description: A buffer overflo...

Linksys系列未明远程代码执行漏洞

No description provided by source. !/usr/bin/php ?php / Exploit for 0day linksys unauthenticated remote code execution vulnerability. As exploited by TheMoon worm; Discovered in the wild on Feb 13, 2013 by Johannes Ullrich. I was hoping this would stay under-wraps until a firmware patch could be...

OneHTTPD 0.8 Denial Of Service

Exploit Title: onehttpd 0.8 Crash PoC Date: Feb 7,2014 Exploit Author: Mahmod Mahajna Mahy Version: 0.8 Software Link: https://onehttpd.googlecode.com/files/onehttpd-0.8.exe Tested on: Windows XP SP3 Email: [email protected] from requests import get,ConnectionError as cerror from sys import arg...

OneHTTPD 0.8 - Crash (PoC)

OneHTTPD 0.8 - Crash PoC Exploit Title: onehttpd 0.8 Crash PoC Date: Feb 7,2014 Exploit Author: Mahmod Mahajna Mahy Version: 0.8 Software Link: https://onehttpd.googlecode.com/files/onehttpd-0.8.exe Tested on: Windows XP SP3 Email: [email protected] from requests import get,ConnectionError as...

Path traversal

Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301...

UBUNTU-CVE-2013-7300

Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301...

CVE-2013-7300

Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301...

CVE-2013-6343

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374979 allow remote attackers to execute arbitrary code via the 1 appsname or 2 appsflag parameter to APPInstallation.asp...

Buffer overflow

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374979 allow remote attackers to execute arbitrary code via the 1 appsname or 2 appsflag parameter to APPInstallation.asp...

CVE-2013-6343

CVE-2013-6343 affects ASUS RT-N56U (and RT-AC66U) running firmware 3.0.0.4.374_979. The vulnerability is in the web server’s APP_Installation.asp handling of the apps_name and apps_flag parameters, leading to multiple buffer overflows in web.c of httpd. This allows remote attackers to execute arb...

ASUS RT-N56U Remote Root

!/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimppy - Security Analyst @ ISE Contact: Twitt...

ASUS RT-N56U - Remote Buffer Overflow (ROP)

ASUS RT-N56U - Remote Buffer Overflow ROP !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimp...

subversion -- mod_dav_svn vulnerability

Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on. This can lead to a DoS. There are no known instances of this...