5759 matches found
CVE-2007-6404
Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI...
CVE-2007-6405
CVE-2007-6405 affects Sergey Lyubka’s Simple HTTPD (shttpd) 1.38 and earlier on Windows. The issue allows remote attackers to obtain or download arbitrary CGI programs/scripts by sending a URI with special trailing characters: a plus sign (+), a dot (.), %2e (hex-encoded dot), or a hex-encoded ch...
CVE-2007-6405
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
Apache Httpd < 2.0.63 : mod_status XSS
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
Apache Httpd < 2.2.8 : mod_proxy_ftp UTF-7 XSS
A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616...
Apache Httpd < 2.0.63 : mod_proxy_ftp UTF-7 XSS
A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616...
Apache Httpd < 2.2.8 : mod_status XSS
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
Apache Httpd < 1.3.41 : mod_status XSS
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
CVE-2007-6326
Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...
simple-py.txt
usage: poc.py host port import socket import sys print "-----------------------------------------------------------------------" print "Simple HTTPD 1.3 /aux Denial of Service\n" print "url: http://shttpd.sourceforge.net\n" print "author: shinnai" print "mail: shinnaiatautisticidotorg" print "sit...
Apache Httpd < 2.2.8 : mod_proxy_balancer DoS
A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded...
Simple HTTPD 1.3 (/aux) Remote Denial of Service Exploit
No description provided by source. usage: poc.py host port import socket import sys print "-----------------------------------------------------------------------" print "Simple HTTPD 1.3 /aux Denial of Service\n" print "url: http://shttpd.sourceforge.net\n" print "author: shinnai" print "mail:...
Apache Httpd < 2.2.8 : mod_proxy_balancer XSS
A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, a cross-site scripting attack against an authorized user is possible...
Simple HTTPd 1.41 - aux Remote Denial of Service
Simple HTTPd 1.41 - aux Remote Denial of Service usage: poc.py host port import socket import sys print "-----------------------------------------------------------------------" print "Simple HTTPD 1.3 /aux Denial of Service\n" print "url: http://shttpd.sourceforge.net\n" print "author: shinnai"...
Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc ============================================================ Simple HTTPD = 1.41 /aux Remote Denial of Service Exploit ============================================================ usage: poc.py host port import socket import sys print...
Simple HTTPd 1.41 - '/aux' Remote Denial of Service
usage: poc.py host port import socket import sys print "-----------------------------------------------------------------------" print "Simple HTTPD 1.3 /aux Denial of Service\n" print "url: http://shttpd.sourceforge.net\n" print "author: shinnai" print "mail: shinnaiatautisticidotorg" print "sit...
Fedora 7 : phpMyAdmin-2.11.3-1.fc7 (2007-4298)
Upstream released 2.11.3 - Removed the RPM scriptlets doing httpd restarts (227025) - Patched an information disclosure known as CVE-2007-0095 (221694) - Provide virtual phpmyadmin package and a httpd alias (231431) Note that Tenable Network Security has extracted the preceding description block...
Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit
No description provided by source. usage: poc.py host port import socket import sys print "-----------------------------------------------------------------------" print "Simple HTTPD 1.3 /aux Denial of Service\n" print "url: http://shttpd.sourceforge.net\n" print "author: shinnai" print "mail:...
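Sun SPARC XSCF Control Package (XCP) Firmware Unspecified Denial of Service Vulnerability
Sun SPARC XSCF is an extended system control facility. The telnet(1), Secure Shell (SSH), and httpd components of the Sun SPARC XSCF firmware have security issues that remote attackers can exploit to carry out denial-of-service attacks against the device. No detailed vulnerability information is currently available. Sun XCP 1040 patch download: Sun XCP 1040 Sun OPL-M4-5-8-9000-XCP-1050-SP-G-F http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId...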