
CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. • http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt http://secunia.com/advisories/36934 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.0 | EPSS: 1% | CPEs: 1 | EXPL: 2

Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. • https://www.exploit-db.com/exploits/8428 http://www.securityfocus.com/archive/1/502648/100/0/threaded http://www.securityfocus.com/bid/34510 https://exchange.xforce.ibmcloud.com/vulnerabilities/49878 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 | EPSS: 3% | CPEs: 1 | EXPL: 3

Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. • https://www.exploit-db.com/exploits/4717 http://shinnai.altervista.org/exploits/txt/TXT_8kXDua0a0Tl5Vm5LU3ms.html http://www.securityfocus.com/bid/26813 https://exchange.xforce.ibmcloud.com/vulnerabilities/38980 • CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 2% | CPEs: 1 | EXPL: 2

Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). • https://www.exploit-db.com/exploits/30229 http://osvdb.org/37732 http://secunia.com/advisories/25809 http://securityreason.com/securityalert/2832 http://www.securityfocus.com/archive/1/472190/100/0/threaded http://www.securityfocus.com/bid/24618 https://exchange.xforce.ibmcloud.com/vulnerabilities/35038

CVSS: 7.5 | EPSS: 94% | CPEs: 1 | EXPL: 2

Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI. • https://www.exploit-db.com/exploits/2482 https://www.exploit-db.com/exploits/16759 http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050146.html http://secunia.com/advisories/22294 http://securitytracker.com/id?1017088 http://www.securityfocus.com/bid/20393 http://www.vupen.com/english/advisories/2006/3939 https://exchange.xforce.ibmcloud.com/vulnerabilities/29368