5761 matches found
Buffer overflow in Null HTTPd
Heap overflow because of signed/yubsugbed cibversion...
remote exploitable heap overflow in Null HTTPd 0.5.0
included: - netric-adv009.txt advisory - bakkum.c remote root exploit Kind Regards, Netric Security http://www.netric.org Message sent using UebiMiau 2.7 attachment: bakkum.c application/octet-stream Netric Security Team - http://www.netric.org|be By Netric Nullhttpd 0.5.0 type: heap overflow...
Apache Httpd < 2.0.42 : mod_dav crash
A flaw was found in handling of versioning hooks in moddav. An attacker could send a carefully crafted request in such a way to cause the child process handling the connection to crash. This issue will only result in a denial of service where a threaded process model is in use...
Null HTTPd 0.5 - Remote Heap Overflow
// source: https://www.securityfocus.com/bid/5774/info Null httpd is a small multithreaded web server for Linux and Windows, mantained by NullLogic. A remotely exploitable heap overflow has been discovered in Null httpd. By passing a negative content length value to the server, it is possible to...
Null HTTPd 0.5 - Remote Heap Overflow
Null HTTPd 0.5 - Remote Heap Overflow // source: https://www.securityfocus.com/bid/5774/info Null httpd is a small multithreaded web server for Linux and Windows, mantained by NullLogic. A remotely exploitable heap overflow has been discovered in Null httpd. By passing a negative content length...
Apache Httpd < 2.0.43 : Error page XSS using wildcard DNS
Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header...
Apache Httpd < 1.3.27 : Error page XSS using wildcard DNS
Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header...
XSS in Null HTTPd
Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is quite basic, but offers good CGI support. A vulnerability in Null HTTPd may allow cross-site scripting via a 404 page: http://localhost/a?x=SCRIPTalertdocument.URL/SCRIPT You have to place this in the query string so that i...
NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting
NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error page...
NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link,...
CVE-2000-1206
CVE-2000-1206 describes a vulnerability in Apache httpd prior to 1.3.11 where mass virtual hosting using mod_rewrite or mod_vhost_alias (in Apache 1.3.9) can allow remote attackers to retrieve arbitrary files. The affected component is the httpd web server and its name-based hosting configuration...
CERN Proxy Server: Cross-Site Scripting Vulnerability
CERN Proxy Server: Cross-Site Scripting Vulnerability ===================================================== Affected: CERN HTTPD 3.0A http://www.w3.org/Daemon/Activity.html Vendor Status: CERN httpd team [email protected] was notified on Aug 10, 2001 but they did not respond. Exploit:...
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are displayed in error messages. It is...
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting source: https://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the wa...
Apache Httpd < 2.0.40 : Path vulnerability
Certain URIs would bypass security and allow users to invoke or access any file depending on the system configuration. Affects Windows, OS2, Netware and Cygwin platforms only...
CodeBlue 5.1 - SMTP Response Buffer Overflow
CodeBlue 5.1 - SMTP Response Buffer Overflow // source: https://www.securityfocus.com/bid/5300/info CodeBlue is an Apache httpd log scanning utility that attempts to contact the administrators of hosts infected with worms. A buffer overflow vulnerability has been reported in CodeBlue. The conditi...
Moderate: Red Hat Security Advisory: mod_ssl security update
Updated modssl packages are now available for Red Hat Advanced Server. These updates incorporate a fix for an incorrect bounds check in versions of modssl up to and including version 2.8.9. The modssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL a...
Apache Httpd < 2.0.40 : Path revealing exposures
A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...
Apache Httpd < 2.0.37 : Apache Chunked encoding vulnerability
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...
Apache Httpd < 1.3.26 : Apache Chunked encoding vulnerability
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...