33 matches found
AN HTTPD 1.41 e - Cross-Site Scripting
source: https://www.securityfocus.com/bid/6529/info AN HTTPD does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user...
AN HTTPd v.1.41e: DoS, CSS, real patch attack
Damage Hacking Group security advisory www.dhgroup.org Product: AN HTTPd server Authors: www.st.rim.or.jp Vulnerability: DoS, CSS, 'real patch' attack Overview-------------------------------------------------------------- This is Japanez http-server for win32-platforms. U can download it from...
Crossite scripting in AN HTTPD
AN HTTPD shows an error page if a client sends a request containing ":" in the URI field. The problem occurs due to the fact that this URI is injected into the error page without being sanitized...
[SNS Advisory No.57] AN HTTPD Cross-site Scripting Vulnerability
---------------------------------------------------------------------- SNS Advisory No.57 AN HTTPD Cross-site Scripting Vulnerability Problem first discovered: Wed, 23 Oct 2002 Published: Mon, 28 Oct 2002 Reference: http://www.lac.co.jp/security/english/snsadve/57e.html...
anhttpd141c_exploit.java
Advisory Information -------------------- Name : AN HTTPD Vendor Homepage : http://www.st.rim.or.jp/nakata/ Platforms : Windows9x/Me/NT/2000/XP Vulnerability Type : stack overflow very easy to exploit Vendor Contacted : 17/10/2002 Vendor Replied : 20/10/2002 Vulnerable Versions : 1.30 to 1.41c No...
AN HTTPD 1.381.391.401.41 - SOCKS4 Buffer Overflow
AN HTTPD 1.381.391.401.41 - SOCKS4 Buffer Overflow source: https://www.securityfocus.com/bid/6012/info A buffer overflow vulnerability has been reported for AN HTTPD. The vulnerability is due to insufficient bounds checking of usernames for SOCKS4 requests. When AN HTTPD acts as a SOCKS4 server, ...
AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow
source: https://www.securityfocus.com/bid/6012/info A buffer overflow vulnerability has been reported for AN HTTPD. The vulnerability is due to insufficient bounds checking of usernames for SOCKS4 requests. When AN HTTPD acts as a SOCKS4 server, it handles user names in an unsafe manner. An...
CVE-1999-0947
AN-HTTPd server is affected by a remote command execution risk due to default CGI scripts test.bat, input.bat, input2.bat, and ssi/envout.bat that allow shell metacharacters. Exploitation would enable an attacker to run arbitrary commands on the remote host. The vulnerability details are drawn fr...
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...
ex_anhttpd.txt
by Message by Thread Post Reply To: BugTraq Subject: Some holes for Win/UNIX softwares Date: Tue Nov 02 1999 22:39:56 Author: UNYUN Message-ID: ------------------------------------------------------------------------ 3 AN-HTTPd 1.20b Problem: The test CGIs which are distributed with AN-HTTPd 1.20...
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...
AN-HTTPd 1.2b - CGI s
AN-HTTPd 1.2b - CGI s source: https://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. http://www.xxx.yy/cgi-bin/input.bat?|dir....\windows...
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
The remote web server is an AN-HTTPD server which contains default CGI scripts. At least one of these CGIs is installed on the remote server : cgi-bin/test.bat cgi-bin/input.bat cgi-bin/input2.bat ssi/envout.bat It is possible to misuse them to make the remote server execute arbitrary commands...