5759 matches found
CVE-2005-1087
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request...
CVE-2005-1087
The CVE-2005-1087 entry concerns the AN HTTPD Server 1.42n, specifically the cmdIS.DLL plugin . It describes a CRLF injection vulnerability triggered by CRLF sequences in an HTTP request, enabling remote attackers to spoof or hide logfile entries and potentially read files via an injected type co...
CVE-2005-1086
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header...
CVE-2005-1086
The CVE-2005-1086 entry concerns AN HTTPD Server 1.42n, specifically the cmdIS.DLL plugin. The issue is a buffer overflow in the plugin when processing an HTTP request with a long User-Agent header, enabling remote code execution. The available documents identify the vulnerable component and caus...
[SA14861] AN HTTPD cmdIS.DLL Buffer Overflow and Log File Injection
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: AN HTTPD cmdIS.DLL Buffer Overflow and Log File...
Multiple AN HTTPD Web Server vulnerabilities
Buffer overflows, crossite scripting...
AN HTTPD - CMDIS.dll Remote Buffer Overflow (PoC)
AN HTTPD - CMDIS.dll Remote Buffer Overflow PoC source: https://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment...
AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a finite sized process buffer. The...
AN HTTPD 1.42 - Arbitrary Log Content Injection
AN HTTPD 1.42 - Arbitrary Log Content Injection source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs ma...
AN HTTPD 1.42 - Arbitrary Log Content Injection
source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs may result in concealing attacks and/or misleading...
CVE-2005-1087
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request...
[Full-disclosure] Samsung ADSL Modem Vulnerability
------------------------------------------------------------ - EXPL-A-2005-002 exploitlabs.com Advisory 031 - ------------------------------------------------------------ - Samsung ADSL Modem - AFFECTED PRODUCTS ================= Samsung ADSL Modem Samgsung Eletronics http://www.samsung.com DETAI...
Exploit Labs Security Advisory 2005.2
------------------------------------------------------------ - EXPL-A-2005-002 exploitlabs.com Advisory 031 - ------------------------------------------------------------ - Samsung ADSL Modem - AFFECTED PRODUCTS ================= Samsung ADSL Modem Samgsung Eletronics http://www.samsung.com DETAI...
CERN httpd CGI Name Handling Remote Overflow
The remote web server stopped responding after sending it a GET request for a CGI script with a arbitrary long file name. This is known to trigger a heap overflow in some servers like CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on t...
CERN httpd Double Slash Protected Webpage Bypass
The remote web server allows an attacker to access protected web pages by replacing slashes in the URL with '//' or '/./', which is a known problem in older versions of CERN web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17230; scriptversion"1.19";...
AWStats 5.7 < 6.2 - Multiple Remote
/ AWStats v5.7 - v6.2 sileAWSxpl This exploit utilize three methods for exploiter the vulnerability found on AWStats software. an user can execute remote code on vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by: Silentium of Anacron Group Italy date:...
AWStats 5.7 6.2 - Multiple Remote
AWStats 5.7 6.2 - Multiple Remote / AWStats v5.7 - v6.2 sileAWSxpl This exploit utilize three methods for exploiter the vulnerability found on AWStats software. an user can execute remote code on vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by:...
CVE-2004-2096
Cross-site scripting XSS vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL...
Fedora Core 2 : httpd-2.0.51-2.9 (2004-420)
Thu Nov 11 2004 Joe Orton 2.0.51-2.9 - add fix for memory consumption DoS, CVE-2004-0942 - modssl: add fix for SSLCipherSuite bypass, CVE-2004-0885 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora Core 3 : httpd-2.0.52-3.1 (2004-421)
This update includes the fix for a memory consumption denial of service issue in the handling of request header lines CVE-2004-0942. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...