36 matches found
EUVD-2007-6371
Malware in sbrugna...
EUVD-2007-6293
Malware in sbrugna...
Simple HTTPd 1.42 Denial of Servive Exploit
No description provided by source. !/usr/bin/python Exploit Title: Simple HTTPd 1.42 PoC DoS Date: 8/10/2011 Author: G13 Software Link: http://sourceforge.net/projects/shttpd/files/shttpd/1.42/shttpd-1.42.tar.gz/download Version: 1.42 Tested on: WinXP SP1 CVE : 2011-2900 Since Mongoose HTTPd and...
simple httpd <= 1.38 Multiple Vulnerabilities
No description provided by source. Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in Jun 2007...
Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow
!/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Date: 2011-08-02 Author: nion Software: http://code.google.com/p/mongoose/ http://sourceforge.net/projects/shttpd/ Versio...
Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability
Exploit for windows platform in category remote exploits !/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Author: nion Software: http://code.google.com/p/mongoose/...
Simple HTTPd 1.42 - Denial of Servive
Simple HTTPd 1.42 - Denial of Servive !/usr/bin/python Exploit Title: Simple HTTPd 1.42 PoC DoS Date: 8/10/2011 Author: G13 Software Link: http://sourceforge.net/projects/shttpd/files/shttpd/1.42/shttpd-1.42.tar.gz/download Version: 1.42 Tested on: WinXP SP1 CVE : 2011-2900 Since Mongoose HTTPd a...
CVE-2011-2900
Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT...
Stack overflow
Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT...
CVE-2011-2900
CVE-2011-2900 is a stack-based buffer overflow in the HTTP PUT handling paths of Mongoose 3.0, yaSSL Embedded Web Server (yasslEWS) 0.2, and Simple HTTPD (shttpd) 1.42, allowing remote code execution. The root cause is a vulnerable put_dir/ _shttpd_put_dir path in mongoose.c, yasslEWS.c, and io_d...
CVE-2011-2900
Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT...
CVE-2007-6405
Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
CVE-2007-6404
Directory traversal vulnerability in Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ dot dot backslash in the URI...
CVE-2007-6404
Affected software: Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows. The vulnerability is a directory traversal in the URI (..) that enables remote attackers to read arbitrary files. The underlying issue is improper normalization of path traversal in shttpd’s request handling. Impa...
CVE-2007-6404
Directory traversal vulnerability in Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ dot dot backslash in the URI...
CVE-2007-6405
CVE-2007-6405 affects Sergey Lyubka’s Simple HTTPD (shttpd) 1.38 and earlier on Windows. The issue allows remote attackers to obtain or download arbitrary CGI programs/scripts by sending a URI with special trailing characters: a plus sign (+), a dot (.), %2e (hex-encoded dot), or a hex-encoded ch...
CVE-2007-6405
Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
CVE-2007-6326
Sergey Lyubka Simple HTTPD shttpd 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...
CVE-2007-6326
Sergey Lyubka Simple HTTPD shttpd 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI...
simple-py.txt
usage: poc.py host port import socket import sys print "-----------------------------------------------------------------------" print "Simple HTTPD 1.3 /aux Denial of Service\n" print "url: http://shttpd.sourceforge.net\n" print "author: shinnai" print "mail: shinnaiatautisticidotorg" print "sit...