150 matches found
MiniWeb目录遍历和缓冲区溢出漏洞
MiniWeb是一款WEB服务程序。 MiniWeb不正确处理用户提交的输入,远程攻击者可以利用漏洞进行目录遍历和缓冲区溢出攻击。 如提交如下请求可导致触发漏洞: http://www.example.com/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/boot.ini GET /AAAA...3600 - 4000...AAAA/ HTTP/1.0 Stanley Huang MiniWeb 0.8.19 目前没有解决方案提供: http://sourceforge.net/projects/miniweb...
Directory traversal
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a 1 .%2e partially encoded dot dot or 2 %2e%2e encoded dot dot in the URI...
CVE-2008-0338
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a 1 .%2e partially encoded dot dot or 2 %2e%2e encoded dot dot in the URI...
Heap overflow
Heap-based buffer overflow in the mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI...
CVE-2008-0337
Heap-based buffer overflow in the mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI...
CVE-2008-0338
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a 1 .%2e partially encoded dot dot or 2 %2e%2e encoded dot dot in the URI...
CVE-2008-0337
MiniWeb HTTP Server 0.8.19 is affected by a heap-based buffer overflow in the _mwProcessReadSocket function of http.c. An attacker can trigger this remotely by sending a long URI, potentially enabling arbitrary code execution. The root cause is an overflow in the socket-read handling. Affected ve...
CVE-2008-0338
The CVE-2008-0338 vulnerability affects MiniWeb HTTP Server 0.8.19, where the mwGetLocalFileName function in http.c is vulnerable to directory traversal via URI-encoded references (.%2e and %2e%2e). This could allow remote attackers to read arbitrary files and list directories. The provided docum...
MiniWeb 0.8.19 Multiple Remote Vulnerabilities
No description provided by source. MiniWeb Multiple Vulnerabilities Introduction MiniWeb is a mini HTTP server implementation written in C language, featuring low system resource consumption, high efficiency, good flexibility and high portability. It is capable to serve multiple clients with a...
miniweb-multi.txt
MiniWeb Multiple Vulnerabilities Introduction MiniWeb is a mini HTTP server implementation written in C language, featuring low system resource consumption, high efficiency, good flexibility and high portability. It is capable to serve multiple clients with a single thread, supporting GET and POS...
MiniWeb 0.8.19 Multiple Remote Vulnerabilities
Exploit for unknown platform in category remote exploits ============================================== MiniWeb 0.8.19 Multiple Remote Vulnerabilities ============================================== MiniWeb Multiple Vulnerabilities Introduction MiniWeb is a mini HTTP server implementation written ...
Miniweb 0.8.19 - Multiple Vulnerabilities
MiniWeb Multiple Vulnerabilities Introduction MiniWeb is a mini HTTP server implementation written in C language, featuring low system resource consumption, high efficiency, good flexibility and high portability. It is capable to serve multiple clients with a single thread, supporting GET and POS...
CVE-2007-3159
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service application crash via a negative value in the Content-Length HTTP header...
Design/Logic Flaw
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service application crash via a negative value in the Content-Length HTTP header...
CVE-2007-3159
CVE-2007-3159 affects the MiniWeb Http Server 0.8.x series. The vulnerability is triggered by a negative value in the Content-Length HTTP header, which can cause a remote attacker to induce an application crash (DoS). The available connected records confirm the affected product and the root cause...
CVE-2007-3159
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service application crash via a negative value in the Content-Length HTTP header...
miniweb-dos.txt
MiniWeb Http Server 0.8.x Remote Denial of Service MiniWeb site http://sourceforge.net/projects/miniweb/ Author: gbr Tested running the server under Windows XP SP2 Description: The server doesn't do a sanity-check on 'Content-Length' value from POST Header, allowing the attacker to control the...
MiniWeb HTTP Server 0.8.x - Remote Denial of Service
MiniWeb HTTP Server 0.8.x - Remote Denial of Service MiniWeb Http Server 0.8.x Remote Denial of Service MiniWeb site http://sourceforge.net/projects/miniweb/ Author: gbr Tested running the server under Windows XP SP2 Description: The server doesn't do a sanity-check on 'Content-Length' value from...
MiniWeb Http Server 0.8.x Remote Denial of Service Exploit
No description provided by source. MiniWeb Http Server 0.8.x Remote Denial of Service MiniWeb site http://sourceforge.net/projects/miniweb/ Author: gbr Tested running the server under Windows XP SP2 Description: The server doesn't do a sanity-check on 'Content-Length' value from POST Header,...
MiniWeb Http Server 0.8.x Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc ========================================================== MiniWeb Http Server 0.8.x Remote Denial of Service Exploit ========================================================== MiniWeb Http Server 0.8.x Remote Denial of Service MiniWeb site...