Lucene search
K

165 matches found

CVE
CVE
added 2023/11/30 12:0 a.m.49 views

CVE-2023-48808

TOTOLINK X6000R (V9.4.0cu.852_B20230719) is affected by a command execution vulnerability in the shttpd front-end handling. The issue arises in the sub_4119A0 function, which obtains fields via Uci_Set_The_Str and passes them to CsteSystem, enabling arbitrary command execution. Affected component...

9.8CVSS9.4AI score0.01536EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/11/30 12:0 a.m.52 views

CVE-2023-48804

Affected product: TOTOLINK X6000R, version 9.4.0cu.852_B20230719. Component/trigger: shttpd, function sub_4119A0; unfiltered front-end fields passed to CsteSystem via Uci_Set_The_Str. Root cause: improper input handling enables command construction and execution when fields reach CsteSystem. Impa...

9.8CVSS9.4AI score0.01536EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.5 views

PT-2023-7634 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...

10CVSS9.5AI score0.01536EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.7 views

PT-2023-7632 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...

9.8CVSS9.6AI score0.01536EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/11/30 12:0 a.m.6 views

CVE-2023-48802

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.7AI score0.01536EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/11/30 12:0 a.m.26 views

CVE-2023-48812

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...

9.8AI score0.01536EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/11/30 12:0 a.m.25 views

CVE-2023-48802

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8AI score0.01536EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.5 views

TOTOLINK X6000R 安全漏洞

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R shttpd sub4119A0, which can be exploited by a remote attacker to submit a special request that can be used in an application context to execute arbitrary commands...

9.8CVSS7.3AI score0.01536EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

SHTTPD 1.38 Filename Parse Error Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD 1.38; other versions ma...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)

No description provided by source. $Id: shttpdpost.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/09/08 12:0 a.m.163 views

Simple-HTTPD

Remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose ToDo: Add execute shell ToDo: Test vulnerable targets Modified by JSacco - [email protected] part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell...

7.5CVSS0.3AI score0.13256EPSS
Exploits6
Packet Storm
Packet Storm
added 2011/08/15 12:0 a.m.52 views

Simple HTTPd 1.42 PUT Buffer Overflow

!/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Date: 2011-08-02 Author: nion Software: http://code.google.com/p/mongoose/ http://sourceforge.net/projects/shttpd/ Versio...

7.5CVSS0.5AI score0.13256EPSS
Exploits6
0day.today
0day.today
added 2011/08/15 12:0 a.m.81 views

Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability

Exploit for windows platform in category remote exploits !/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Author: nion Software: http://code.google.com/p/mongoose/...

7.1AI score0.13256EPSS
Exploits6
Exploit DB
Exploit DB
added 2011/08/15 12:0 a.m.62 views

Simple HTTPd 1.42 - &#039;PUT&#039; Remote Buffer Overflow

!/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Date: 2011-08-02 Author: nion Software: http://code.google.com/p/mongoose/ http://sourceforge.net/projects/shttpd/ Versio...

7.5CVSS6.4AI score0.13256EPSS
Exploits6
Exploit DB
Exploit DB
added 2010/05/09 12:0 a.m.39 views

SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)

$Id: shttpdpost.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

7.5CVSS7.1AI score0.63557EPSS
Exploits3
Packet Storm
Packet Storm
added 2009/11/26 12:0 a.m.41 views

SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'SHTTPD %q Th...

7.5CVSS6.8AI score0.63557EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.4 views

sHTTPd cross-site scripting vulnerability

Overview sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

4.3CVSS6.3AI score0.01263EPSS
Exploits0References9
NVD
NVD
added 2007/12/17 6:46 p.m.36 views

CVE-2007-6405

Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...

6.4CVSS6.6AI score0.02675EPSS
Exploits1References7
Prion
Prion
added 2007/12/17 6:46 p.m.31 views

Code injection

Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...

6.4CVSS7AI score0.08426EPSS
Exploits3References7Affected Software1
CVE
CVE
added 2007/12/17 6:0 p.m.50 views

CVE-2007-6405

CVE-2007-6405 affects Sergey Lyubka’s Simple HTTPD (shttpd) 1.38 and earlier on Windows. The issue allows remote attackers to obtain or download arbitrary CGI programs/scripts by sending a URI with special trailing characters: a plus sign (+), a dot (.), %2e (hex-encoded dot), or a hex-encoded ch...

6.4CVSS6.8AI score0.02675EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder