CVE-2004-2116
Published 2004-12-31

CVE-2004-2116: Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL.
Priority: P4 (33), medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 8.67% (94.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tinyserver | tinyserver | — | — |
No detection rules found.
Exploit-DB
RhinoSoft Serv-U FTP Server 3.x/4.x/5.0 - 'LIST' Buffer Overflow
exploitdb·2004-04-20
CVE-2004-1992 RhinoSoft Serv-U FTP Server 3.x/4.x/5.0 - 'LIST' Buffer Overflow
---
source: https://www.securityfocus.com/bid/10181/info
Reportedly Serv-U is affected by a remote buffer overflow vulnerability in the list parameter. This issue is due to a failure of the application to properly validate buffer boundaries during processing of user input.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed.
```perl
#!/usr/bin/perl
use IO::Socket;
$host = "www.example.com";
$remote = IO::Socket::INET->new ( Proto => "tcp",
    PeerAddr => $host,
    PeerPort => "2116",
);
unless ($remo
```
Exploit-DB
tinyserver 1.1 - Directory Traversal
exploitdb·2004-01-24
CVE-2004-2116 tinyserver 1.1 - Directory Traversal
---
source: https://www.securityfocus.com/bid/9485/info
TinyServer is prone to multiple vulnerabilities.
A directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.
A denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.
A cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks.
http://[host]/../../window
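A defender-side check for the traversal pattern described above, as an added example that is not part of the original advisory or of Tiny Server: it resolves each logged request path against a document root and flags requests that resolve outside it, including percent-encoded and backslash dot segments. The log lines, the document root `/srv/www` and the function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

DOCROOT = "/srv/www"  # assumed document root (hypothetical, not from the advisory)

# Constructed access-log lines in Common Log Format; not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jan/2004:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [24/Jan/2004:10:00:02 +0000] "GET /docs/../index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [24/Jan/2004:10:00:03 +0000] "GET /../../secret.txt HTTP/1.0" 200 90',
    '192.0.2.11 - - [24/Jan/2004:10:00:04 +0000] "GET /%2e%2e/%2e%2e/secret.txt HTTP/1.0" 200 90',
    '192.0.2.11 - - [24/Jan/2004:10:00:05 +0000] "GET /%252e%252e/%252e%252e/secret.txt HTTP/1.0" 404 0',
    '192.0.2.11 - - [24/Jan/2004:10:00:06 +0000] "GET /..%5c..%5csecret.txt HTTP/1.0" 200 90',
    '192.0.2.12 - - [24/Jan/2004:10:00:07 +0000] "GET /a..b/file.txt?x=../y HTTP/1.0" 200 33',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dot segments are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_docroot(raw_target, docroot=DOCROOT):
    """Return True if the request target resolves outside docroot."""
    path = decode_fully(raw_target.partition("?")[0])  # ignore the query string
    path = path.replace("\\", "/")  # Windows servers treat backslash as a separator
    resolved = posixpath.normpath(posixpath.join(docroot, path.lstrip("/")))
    return not (resolved == docroot or resolved.startswith(docroot + "/"))


def flag_traversal(log_lines):
    """Return the request targets in log_lines that escape the document root."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and escapes_docroot(match.group(1)):
            hits.append(match.group(1))
    return hits
```

Resolving the path and comparing it to the root avoids false positives on names such as `/a..b/` and on `..` segments that stay inside the root. The same `escapes_docroot` check applied before a file is opened is the server-side fix; run over logs it only finds requests after the fact.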
No writeups or analysis indexed.
- http://marc.info/?l=bugtraq&m=107496530806730&w=2
- http://packetstormsecurity.com/files/129320/Tiny-Server-1.1.9-Arbitrary-File-Disclosure.html
- http://secunia.com/advisories/10707
- http://www.autistici.org/fdonato/advisory/tinyServer1.1%5B1.0.5%5D-adv.txt
- http://www.osvdb.org/3708
- http://www.securityfocus.com/bid/9485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14927
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99048