165 matches found
Design/Logic Flaw
Sergey Lyubka Simple HTTPD shttpd 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...
CVE-2007-6326
The CVE-2007-6326 entry affects Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows. The vulnerability allows remote denial of service when a request includes an MS-DOS device name, as demonstrated by the /aux URI. The issue is triggered by processing a device-name in the request, leading to a par...
Simple HTTPd 1.38 - Multiple Vulnerabilities
Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in Jun 2007 Exploitation: remote Date: 07 Dec 20...
Simple HTTPd 1.38 - Multiple Vulnerabilities
Simple HTTPd 1.38 - Multiple Vulnerabilities Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in...
Cross site scripting
Cross-site scripting XSS vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-3541
Cross-site scripting XSS vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-3541
Cross-site scripting XSS vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-3541
CVE-2007-3541 concerns Kurinton sHTTPd (version 20070408 and earlier) with a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents corroborate this XSS issue in sHTTPd and note that an arbitrar...
SHTTPD文件名解析错误信息泄露漏洞
BUGTRAQ ID: 24618 CVECAN ID: CVE-2007-3407 SHTTPD是一款轻量级的简单易用的web服务器。 SHTTPD处理HTTP请求时存在漏洞,远程攻击者可能利用此漏洞获取脚本源码。 SHTTPD没有正确地处理HTTP请求,如果用户在所提交的URI后附加了“%20”字符的话,就可能导致泄露某些脚本的源码。 Sergey Lyubka SHTTPD 1.38 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://shttpd.sourceforge.net/...
JVN#74063879 sHTTPd cross-site scripting vulnerability
sHTTPd provided by anekos is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the developer. Products Affected sHTTPd version...
CVE-2007-3407
Sergey Lyubka Simple HTTPD shttpd 1.38 allows remote attackers to obtain sensitive information script source code via a URL with a trailing encoded space %20...
Code injection
Sergey Lyubka Simple HTTPD shttpd 1.38 allows remote attackers to obtain sensitive information script source code via a URL with a trailing encoded space %20...
CVE-2007-3407
CVE-2007-3407 affects Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier. It allows remote attackers to disclose script source code by sending a URI with a trailing encoded space (%20), causing information disclosure. The root cause is improper handling of a trailing %20 in the request. The con...
SHTTPD HTTP server information leak
It's possible to access scripts source code with request of kind http://127.0.0.1/test.php20...
SHTTPD V1.38 server source code disclosure
SHTTPD V1.38 server source code disclosure ------------------------------------ link:http://shttpd.sourceforge.net/ info: The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files...
SHTTPD 1.38 - Filename Parse Error Information Disclosure
SHTTPD 1.38 - Filename Parse Error Information Disclosure source: https://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD...
SHTTPD 1.38 - Filename Parse Error Information Disclosure
source: https://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD 1.38; other versions may also be affected...
SHTTPD 1.34 (POST) Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl -w SHTTPD Buffer Overflow POST Tested on SHTTPD 1.34 WinXP SP1 Hebrew http://shttpd.sourceforge.net Codded By SkOd, 05/10/2006 ISRAEL details: EAX 00000194 , ECX 009EBCA8 , EDX 00BC488C EBX 00000004 , EIP 41414141 , EBP 41414141 ESI 00BC4358 , EDI...
SHTTPD URI-Encoded POST Request Overflow
This module exploits a stack buffer overflow in SHTTPD 'SHTTPD URI-Encoded POST Request Overflow', 'Description' = %q This module exploits a stack buffer overflow in SHTTPD 'LMH ', 'hdm', 'skOd', 'License' = MSFLICENSE, 'References' = 'CVE', '2006-5216', 'OSVDB', '29565' , 'URL',...
SHTTPD 1.34 (POST) Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ================================================= SHTTPD 1.34 POST Remote Buffer Overflow Exploit ================================================= !/usr/bin/perl -w SHTTPD Buffer Overflow POST Tested on SHTTPD 1.34 WinXP SP1 Hebrew...