11 matches found
CVE-2007-6405
Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
CVE-2007-6405
CVE-2007-6405 affects Sergey Lyubka’s Simple HTTPD (shttpd) 1.38 and earlier on Windows. The issue allows remote attackers to obtain or download arbitrary CGI programs/scripts by sending a URI with special trailing characters: a plus sign (+), a dot (.), %2e (hex-encoded dot), or a hex-encoded ch...
CVE-2007-6405
Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
CVE-2007-6404
Affected software: Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows. The vulnerability is a directory traversal in the URI (..) that enables remote attackers to read arbitrary files. The underlying issue is improper normalization of path traversal in shttpd’s request handling. Impa...
Design/Logic Flaw
Sergey Lyubka Simple HTTPD shttpd 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...
CVE-2007-6326
Sergey Lyubka Simple HTTPD shttpd 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...
CVE-2007-6326
Sergey Lyubka Simple HTTPD shttpd 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...
CVE-2007-3407
CVE-2007-3407 affects Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier. It allows remote attackers to disclose script source code by sending a URI with a trailing encoded space (%20), causing information disclosure. The root cause is improper handling of a trailing %20 in the request. The con...
CVE-2006-5216
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD shttpd 1.34 allows remote attackers to execute arbitrary code via a long URI...
CVE-2006-5216
SHTTPD
CVE-2006-5216
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD shttpd 1.34 allows remote attackers to execute arbitrary code via a long URI...