Lucene search
K

165 matches found

Prion
Prion
added 2007/12/13 7:46 p.m.20 views

Design/Logic Flaw

Sergey Lyubka Simple HTTPD shttpd 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...

5CVSS7.1AI score0.07251EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2007/12/13 7:0 p.m.53 views

CVE-2007-6326

The CVE-2007-6326 entry affects Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows. The vulnerability allows remote denial of service when a request includes an MS-DOS device name, as demonstrated by the /aux URI. The issue is triggered by processing a device-name in the request, leading to a par...

5CVSS6.6AI score0.07251EPSS
Exploits1References4Affected Software1
Exploit DB
Exploit DB
added 2007/12/07 12:0 a.m.34 views

Simple HTTPd 1.38 - Multiple Vulnerabilities

Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in Jun 2007 Exploitation: remote Date: 07 Dec 20...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/12/07 12:0 a.m.13 views

Simple HTTPd 1.38 - Multiple Vulnerabilities

Simple HTTPd 1.38 - Multiple Vulnerabilities Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in...

0.4AI score
Exploits0
Prion
Prion
added 2007/07/03 8:30 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01263EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2007/07/03 8:30 p.m.13 views

CVE-2007-3541

Cross-site scripting XSS vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01263EPSS
Exploits0References7
Cvelist
Cvelist
added 2007/07/03 8:0 p.m.15 views

CVE-2007-3541

Cross-site scripting XSS vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01263EPSS
Exploits0References7
CVE
CVE
added 2007/07/03 8:0 p.m.52 views

CVE-2007-3541

CVE-2007-3541 concerns Kurinton sHTTPd (version 20070408 and earlier) with a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents corroborate this XSS issue in sHTTPd and note that an arbitrar...

4.3CVSS5.7AI score0.01263EPSS
Exploits0References7Affected Software1
seebug.org
seebug.org
added 2007/06/29 12:0 a.m.63 views

SHTTPD文件名解析错误信息泄露漏洞

BUGTRAQ ID: 24618 CVECAN ID: CVE-2007-3407 SHTTPD是一款轻量级的简单易用的web服务器。 SHTTPD处理HTTP请求时存在漏洞,远程攻击者可能利用此漏洞获取脚本源码。 SHTTPD没有正确地处理HTTP请求,如果用户在所提交的URI后附加了“%20”字符的话,就可能导致泄露某些脚本的源码。 Sergey Lyubka SHTTPD 1.38 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://shttpd.sourceforge.net/...

5CVSS6.4AI score0.08426EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/27 12:0 a.m.19 views

JVN#74063879 sHTTPd cross-site scripting vulnerability

sHTTPd provided by anekos is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the developer. Products Affected sHTTPd version...

6.7AI score
Exploits0
NVD
NVD
added 2007/06/26 6:30 p.m.33 views

CVE-2007-3407

Sergey Lyubka Simple HTTPD shttpd 1.38 allows remote attackers to obtain sensitive information script source code via a URL with a trailing encoded space %20...

5CVSS6AI score0.08426EPSS
Exploits2References6
Prion
Prion
added 2007/06/26 6:30 p.m.24 views

Code injection

Sergey Lyubka Simple HTTPD shttpd 1.38 allows remote attackers to obtain sensitive information script source code via a URL with a trailing encoded space %20...

5CVSS6.3AI score0.08426EPSS
Exploits2References6Affected Software1
CVE
CVE
added 2007/06/26 6:0 p.m.73 views

CVE-2007-3407

CVE-2007-3407 affects Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier. It allows remote attackers to disclose script source code by sending a URI with a trailing encoded space (%20), causing information disclosure. The root cause is improper handling of a trailing %20 in the request. The con...

5CVSS6AI score0.08426EPSS
Exploits2References6Affected Software1
securityvulns
securityvulns
added 2007/06/26 12:0 a.m.31 views

SHTTPD HTTP server information leak

It's possible to access scripts source code with request of kind http://127.0.0.1/test.php20...

0.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2007/06/26 12:0 a.m.118 views

SHTTPD V1.38 server source code disclosure

SHTTPD V1.38 server source code disclosure ------------------------------------ link:http://shttpd.sourceforge.net/ info: The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/06/25 12:0 a.m.12 views

SHTTPD 1.38 - Filename Parse Error Information Disclosure

SHTTPD 1.38 - Filename Parse Error Information Disclosure source: https://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2007/06/25 12:0 a.m.31 views

SHTTPD 1.38 - Filename Parse Error Information Disclosure

source: https://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD 1.38; other versions may also be affected...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/10/23 12:0 a.m.28 views

SHTTPD 1.34 (POST) Remote Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl -w SHTTPD Buffer Overflow POST Tested on SHTTPD 1.34 WinXP SP1 Hebrew http://shttpd.sourceforge.net Codded By SkOd, 05/10/2006 ISRAEL details: EAX 00000194 , ECX 009EBCA8 , EDX 00BC488C EBX 00000004 , EIP 41414141 , EBP 41414141 ESI 00BC4358 , EDI...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2006/10/15 7:53 a.m.24 views

SHTTPD URI-Encoded POST Request Overflow

This module exploits a stack buffer overflow in SHTTPD 'SHTTPD URI-Encoded POST Request Overflow', 'Description' = %q This module exploits a stack buffer overflow in SHTTPD 'LMH ', 'hdm', 'skOd', 'License' = MSFLICENSE, 'References' = 'CVE', '2006-5216', 'OSVDB', '29565' , 'URL',...

7.5CVSS7.7AI score0.63557EPSS
Exploits3
0day.today
0day.today
added 2006/10/15 12:0 a.m.26 views

SHTTPD 1.34 (POST) Remote Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits ================================================= SHTTPD 1.34 POST Remote Buffer Overflow Exploit ================================================= !/usr/bin/perl -w SHTTPD Buffer Overflow POST Tested on SHTTPD 1.34 WinXP SP1 Hebrew...

7.1AI score
Exploits0
Rows per page
Query Builder