CVE-2017-17663

CVE-2017-17663 affects the htpasswd component of mini_httpd (before v1.28) and thttpd (before v2.28). The vulnerability is a buffer overflow that can be exploited remotely to achieve code execution. Connected advisories corroborate a remote-code-execution impact and note fixes in later thttpd rel...

CVE-2017-17663

The htpasswd implementation of minihttpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution...

FreeBSD : mini_httpd,thttpd -- Buffer overflow in htpasswd (f5524753-67b1-4c88-8114-29c2d258b383)

Alessio Santoru reports : Buffer overflow in htpasswd. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution and use in source VuXML and 'compiled...

Ghost to reproduce: part of the WiMAX routing device to authenticate the existence of the bypass and back door vulnerability-vulnerability warning-the black bar safety net

The SEC's security personnel in some of the WiMAX router on found a vulnerability, this vulnerability allows an attacker to change the router administrator password, and then get on the vulnerabilities of the device control. Worse, if an attacker took control of these contains a vulnerability in...

DLink / TRENDnet - NCC Service Command Injection Exploit

Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'D-Link/TRENDnet NCC Service Command Injection', 'Description' = %q...

Acme mini_httpd Protocol String Handling Memory Disclosure

The Acme minihttpd web server running on the remote host is affected by a flaw in the addheaders function within file minihttpd.c that is triggered when handling HTTP requests that have a very long protocol string. An unauthenticated, remote attacker can exploit this, via a crafted request, to...

FreeBSD : mini_httpd -- buffer overflow via snprintf (84dc49b0-b267-11e5-8a5b-00262d5ed8ee)

ACME Updates reports : minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...

Belkin Router Directory Traversal Vulnerability (Oct 2015) - Active Check

Belkin Routers are prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

D-Link DSL-2750u DSL-2730u - (Authenticated) Local File Disclosure

D-Link DSL-2750u DSL-2730u - Authenticated Local File Disclosure + Author: SATHISH ARTHAR + Exploit Title: Dlink Wireless Router Password File Access Exploit Local File Inclusion + Date: 07-07-2015 + Platform: Hardware + Tested on: linux + Vendor: http://www.dlink.co.in + Product web page:...

D-Link/TRENDnet NCC Service Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link/TRENDnet NCC Service Command Injection', 'Description' = %q This module exploits a remote command injection vulnerability on...

mini_httpd server Long Protocol String Information Disclosure Vulnerability

minihttpd server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-1548

minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...

CVE-2015-1548

The CVE-2015-1548 issue affects the mini_httpd web server (version 1.21 and earlier). A crafted HTTP request with a very long protocol string can trigger an incorrect response size calculation and an out-of-bounds read in memory, enabling information disclosure from the server process. Descriptio...

mini_httpd -- buffer overflow via snprintf

ACME Updates reports: minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...

NETGEAR WNR500 Wireless Router - webproc?getpage Traversal Arbitrary File Access

NETGEAR WNR500 Wireless Router - webproc?getpage Traversal Arbitrary File Access Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit Vendor: NETGEAR Product web page: http://www.netgear.com Affected version: WNR500 firmware: 1.0.7.2 Summary: The NETGEAR compact N150...

thttpd <= 2.24 HTTP Request Escape Sequence Terminal Command Injection

No description provided by source. source: http://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary...

mini_httpd <= 1.18 HTTP Request Escape Sequence Terminal Command Injection

No description provided by source. source: http://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary...

Gentoo Security Advisory GLSA 201206-27 (mini_httpd)

The remote host is missing updates announced in advisory GLSA 201206-27. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 201206-27 (mini_httpd)

The remote host is missing updates announced in advisory GLSA 201206-27. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

GLSA-201206-27 : mini_httpd: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201206-27 minihttpd: Arbitrary code execution minihttpd does not properly check for shell escapes when parsing HTTP requests. Impact : A remote attacker could send specially crafted HTTP requests, possibly resulting in execution o...