25 matches found
CVE-2026-21240
Time-of-check time-of-use toctou race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally...
EUVD-2010-5298
Malware in sbrugna...
CVE-2025-53805
CVE-2025-53805 affects Windows Internet Information Services (IIS) via an out-of-bounds read in HTTP.sys, enabling an unauthenticated attacker to deny service over the network. The vulnerability is categorized as Denial-of-Service with network attack vector and high severity (CVSS 7.5, NETWORK/NO...
CVE-2010-10012
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal...
CVE-2010-10012 httpdASM 0.92 Path Traversal
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal...
CVE-2010-10012
Affected product: httpdasm 0.92 (Windows HTTP server). Issue: path traversal via a crafted GET containing URL-encoded backslashes and directory traversal patterns allows unauthenticated read of arbitrary host files, escaping the web root. Root cause: directory traversal flaw enabling access outsi...
CVE-2010-10012 httpdASM 0.92 Path Traversal
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal...
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
Cisco Talos recently discovered a new malware family were calling "HTTPSnoop" being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to liste...
The vulnerability of the HTTP-protocol implementation (http.sys) in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the HTTP-protocol implementation http.sys in Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially crafted HTTP/3 request from a remote location...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows HTTP.sys. The following products and versions are affected: Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based System...
CVE-2025-34096
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/easyfilesharingpost.rb 2025-10-23 21:13:04+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Acritum Femitter v1.03 Directory Traversal Exploit
Exploit for windows platform in category remote exploits ================================================== Acritum Femitter v1.03 Directory Traversal Exploit ================================================== Acritum Femitter v1.03 Directory Traversal Exploit Found By: DrIDE Date: Apr. 20, 2010...
Mereo Web Server 1.8 - Source Code Disclosure
Mereo Web Server 1.8 - Source Code Disclosure Mereo Web Server v1.8 Multiple Remote Source Code Disclosure Found By: DrIDE Tested On: Windows XPSP3 - Description - Mereo Web Server v1.8 is a Windows based HTTP server. This is the latest version of the application available. Mereo is vulnerable to...
Integer overflow
Integer underflow in Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windo...
CVE-2009-0089
Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...
Design/Logic Flaw
Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...
CVE-2009-0550
Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows...
CVE-2009-0550
CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...
CVE-2009-0089
CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...
PT-2009-2789 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A spoofing issue exists due to incomplete validation of the distinguished name in a digital certificate. This can be combined with other attacks, such as DNS spoofing, allowin...