Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit

No description provided by source. / m00-apache-w00t.c Apache 1.3.-2.0.48 remote users disclosure exploit by m00 Security. Proof-of-Concept edition This tool scans remote hosts with httpd apache and disclosure information about existens users accounts via wrong default configuration of moduserdir...

Fusion SBX <= 1.2 - Remote Command Execution Exploit

No description provided by source. / Fusion SBX = 1.2 exploit sileFSBXxpl This exploit use vulnerability found into Fusion SBX and create new variable and call it with a malicious function stored in config.php. This exploit utilize injection of three diverse procedures for execution of arbitrary...

NullLogic Null HTTPd 0.5 Error Page Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an...

Network Tool 0.2 PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3552/info Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interface. A problem with the package has been...

Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...

Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...

Light HTTPD 0.1 GET Request Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/6162/info Light httpd is prone to a remotely exploitable buffer overflow condition. This overflow can be triggered by sending the server an excessively long GET request. As Light httpd drops user privileges when running,...

Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an ECHO command in quotes, and as a result shell expansion of the character ca...

SH-HTTPD 0.3/0.4 Character Filtering Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8897/info A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. GET GET ../../../sh-httpd/p GET /../../etc/s GET...

Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit

No description provided by source. / local exploit for modinclude of apache 1.3.x written by xCrZx /18.10.2004/ bug found by xCrZx /18.10.2004/ Successfully tested on apache 1.3.31 under Linux RH9.0Shrike / / Technical Details: there is an overflow in gettag function: static char gettagpool p, FI...

W3C CERN httpd 3.0 Proxy Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are...

Simple HTTPd 1.42 Denial of Servive Exploit

No description provided by source. !/usr/bin/python Exploit Title: Simple HTTPd 1.42 PoC DoS Date: 8/10/2011 Author: G13 Software Link: http://sourceforge.net/projects/shttpd/files/shttpd/1.42/shttpd-1.42.tar.gz/download Version: 1.42 Tested on: WinXP SP1 CVE : 2011-2900 Since Mongoose HTTPd and...

NullLogic Null HTTPd 0.5.1 Error Page Long HTTP Request Cross-Site Scripting Vulnerablity

No description provided by source. source: http://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script code in a user's browser. The issue was...

AN HTTPD 1.38/1.39/1.40/1.41 Malformed SOCKS4 Request Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6012/info A buffer overflow vulnerability has been reported for AN HTTPD. The vulnerability is due to insufficient bounds checking of usernames for SOCKS4 requests. When AN HTTPD acts as a SOCKS4 server, it handles user...

Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit

No description provided by source. usage: poc.py host port import socket import sys print ----------------------------------------------------------------------- print Simple HTTPD 1.3 /aux Denial of Service\n print url: http://shttpd.sourceforge.net\n print author: shinnai print mail:...

simple httpd <= 1.38 Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in Jun 2007...

Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download

No description provided by source. !/usr/bin/perl use LWP::Simple; Caedo HTTPd Server v 0.5.1 ALPHA Remote File Download Exploit Author : Zer0 Thunder if @ARGV 3 print\r\n; printCaedo HTTPd Server Remote File Download Exploit\r\n; printVuln Found and Exploited by Zer0 Thunder\r\n; print;...

Apache Httpd < 2.4.10 : WinNT MPM denial of service

A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when using the default AcceptFilter for that platform. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server...

MultiCMS Local File Inclusion Vulnerbility

No description provided by source. Source: http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt =============================wwwdotWhiteponnydotcom============================= Date: 29/01/2011 Author: R3VANBASTARD Exploit Title: MultiCMS File Inclusion Vulnerbility Vendor:...

RHEL 5 / 6 : JBoss Web Server (RHSA-2013:1133)

Updated httpd packages that fix two security issues are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...