XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit
Exploit for hardware platform in category web applications Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on...
Buffer overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725...
CVE-2018-10088
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725...
CVE-2018-10088
CVE-2018-10088 affects XiongMai uc-httpd 1.0.0. A buffer overflow in the login handling (POST /login.htm) can be triggered by a crafted username field (e.g., a long input like 85 'A's) to overflow a stack buffer. PoC Exploit code and public exploit entries demonstrate sending this crafted request...
CVE-2018-10088
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. Recent assessments: Assessed Attacker Value: 0...
PT-2018-9673 · Xiongmai · Uc-Httpd
Name of the Vulnerable Software and Affected Versions: XiongMai uc-httpd version 1.0.0 Description: A buffer overflow issue has been identified, with unspecified impact and attack vectors. Recommendations: For XiongMai uc-httpd version 1.0.0, at the moment, there is no information about a newer...
XiongMai uc-httpd 1.0.0 Buffer Overflow
Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on TCP/81 CVE ID: CVE-2018-10088 DISCLAIMER: Thi...
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on TCP/81 CVE ID: CVE-2018-10088 DISCLAIMER: Thi...
[SECURITY] [DLA 1389-1] apache2 security update
Package : apache2 Version : 2.2.22-13+deb7u13 CVE ID : CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 Debian Bug : Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,...
Apache httpd FilesMatch Directive Security Restriction Bypass (CVE-2017-15715)
A security policy bypass vulnerability exists in Apache httpd. A remote attacker can exploit this vulnerability by sending an HTTP request with a crafted URI to the remote HTTP server. Successful exploitation could result in security policy bypass and arbitrary file upload...
EulerOS 2.0 SP1 : httpd (EulerOS-SA-2018-1151)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the...
EulerOS 2.0 SP2 : httpd (EulerOS-SA-2018-1152)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the...
F5 Networks BIG-IP : Apache HTTPD vulnerability (K75429050)
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. (CVE-2017-7679) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.36-i586-1slack14.2.txz: Upgraded. This fixes many bugs, including some security issues: Heap Buffer Overflow READ: 1786 in...
Fedora Update for httpd FEDORA-2018-e6d9251471
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Httpd < 2.4.34 : DoS for HTTP/2 connections by crafted requests
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default...
TPLINK TLWR740N Router Remote Code Execution Vulnerability (CVE-2017-13772)
INTRODUCTION In October of 2017 we disclosed multiple vulnerabilities in TP-Link’s WR940n router that occurred due to multiple code paths calling strcpy on user controllable unsanitised input (CVE-2017-13772). The httpd binary responsible for these vulnerabilities contained patterns of code that...
[SECURITY] Fedora 26 Update: mod_http2-1.10.18-1.fc26
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...