Mephistoles Httpd cross-site scripting
No description provided...
Mephistoles Httpd 0.6.0final XSS
Donato Ferrante Application: Mephistoles Httpd http://sourceforge.net/projects/mephistoles Version: 0.6.0final Bug: cross site scripting Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato 1...
Mephistoles HTTPd 0.6 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9470/info Mephistoles 'httpd' daemon fails to sanitize user-supplied input, making it vulnerable to cross-site scripting attacks. This vulnerability allows an attacker to construct a malicious link containing HTML or script code that may be rendered in a...
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/9299/info It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The issue presents itself when an attacker sends a...
Apache Httpd < 1.3.31 : mod_digest nonce checking
mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5...
CVE-2003-0973
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...
CVE-2003-0973
The CVE-2003-0973 entry describes a denial-of-service in mod_python: affected versions are mod_python 3.0.x before 3.0.4 and 2.7.x before 2.7.9. A remote attacker can crash the Apache httpd by supplying a crafted query string. Public advisories (e.g., Debian DSA-452, Red Hat RHSA-2004:058, and re...
sh-httpd.txt
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...
SH-HTTPD 0.3/0.4 - Character Filtering Remote Information Disclosure
SH-HTTPD 0.3/0.4 - Character Filtering Remote Information Disclosure source: https://www.securityfocus.com/bid/8897/info A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. GET GET...
sh-httpd shell characters
wildcard metacharacter allows access to any file...
[Full-Disclosure] sh-httpd `wildcard character' vulnerability
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
SH-HTTPD 0.3/0.4 - Character Filtering Remote Information Disclosure
source: https://www.securityfocus.com/bid/8897/info A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. GET GET ../../../sh-httpd/p GET /../../etc/s GET ../../root/.b...
Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms
A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting source: https://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script...
NullLogic Null HTTPd 0.5 - Remote Denial of Service
NullLogic Null HTTPd 0.5 - Remote Denial of Service source: https://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTP...
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting
source: https://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script code in a user's browser. The issue was previously reported and fixed (BID 5603)...
NullLogic Null HTTPd 0.5 - Remote Denial of Service
source: https://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has been reported that a remote attacke...
Moderate: Red Hat Security Advisory: Updated httpd packages fix Apache security vulnerabilities
Updated httpd packages that fix several minor security issues are now available for Red Hat Linux 8.0 and 9. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl included with Apache 2...
Apache Httpd < 1.3.29 : Local configuration regular expression overflow
By using a regular expression with more than 9 captures a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf)...