165 matches found
CVE-2023-48808
TOTOLINK X6000R (V9.4.0cu.852_B20230719) is affected by a command execution vulnerability in the shttpd front-end handling. The issue arises in the sub_4119A0 function, which obtains fields via Uci_Set_The_Str and passes them to CsteSystem, enabling arbitrary command execution. Affected component...
CVE-2023-48804
Affected product: TOTOLINK X6000R, version 9.4.0cu.852_B20230719. Component/trigger: shttpd, function sub_4119A0; unfiltered front-end fields passed to CsteSystem via Uci_Set_The_Str. Root cause: improper input handling enables command construction and execution when fields reach CsteSystem. Impa...
PT-2023-7634 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...
PT-2023-7632 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...
CVE-2023-48802
In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...
CVE-2023-48812
In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...
CVE-2023-48802
In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...
TOTOLINK X6000R 安全漏洞
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R shttpd sub4119A0, which can be exploited by a remote attacker to submit a special request that can be used in an application context to execute arbitrary commands...
SHTTPD 1.38 Filename Parse Error Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD 1.38; other versions ma...
SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)
No description provided by source. $Id: shttpdpost.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Simple-HTTPD
Remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose ToDo: Add execute shell ToDo: Test vulnerable targets Modified by JSacco - [email protected] part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell...
Simple HTTPd 1.42 PUT Buffer Overflow
!/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Date: 2011-08-02 Author: nion Software: http://code.google.com/p/mongoose/ http://sourceforge.net/projects/shttpd/ Versio...
Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability
Exploit for windows platform in category remote exploits !/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Author: nion Software: http://code.google.com/p/mongoose/...
Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow
!/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Date: 2011-08-02 Author: nion Software: http://code.google.com/p/mongoose/ http://sourceforge.net/projects/shttpd/ Versio...
SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)
$Id: shttpdpost.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'SHTTPD %q Th...
sHTTPd cross-site scripting vulnerability
Overview sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
CVE-2007-6405
Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
Code injection
Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
CVE-2007-6405
CVE-2007-6405 affects Sergey Lyubka’s Simple HTTPD (shttpd) 1.38 and earlier on Windows. The issue allows remote attackers to obtain or download arbitrary CGI programs/scripts by sending a URI with special trailing characters: a plus sign (+), a dot (.), %2e (hex-encoded dot), or a hex-encoded ch...