4 matches found
Stack overflow
Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) sessionid cookie in a request to the getcookievalue function in response.c, (2) directory name in a request to the adddefaultfile function in response.c, or (3) file name in a request to th...
CVE-2012-0273
Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) sessionid cookie in a request to the getcookievalue function in response.c, (2) directory name in a request to the adddefaultfile function in response.c, or (3) file name in a request to th...
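djbdns Overlong Response Packet Remote Cache Poisoning Vulnerability
BUGTRAQ ID: 33937 djbdns is a lightweight DNS server designed by the author of Qmail. The response.c file in djbdns handles name compression. Line 12 of that file annotates the nameptr array with "each 16384", but responseaddname does not enforce this limit. If the first suffix of a name that a user encodes into the packet is greater than or equal to 16384 bytes, responseaddname encodes the offset to the name incorrectly and generates a malformed response packet. Such a response packet gives misleading information to the querying user and helps an attacker carry out network spoofing attacks such as man-in-the-middle. D. J. Bernstein djbdns 1.05 Vendor patch: D. J. Bernste...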
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...