| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Feb 2009 17:59:00 -0700 From: ew1zz@...mail.com To: bugtraq@...urityfocus.com Subject: NaviCopa webserver 3.01 Multiple Vulnerabilities ###################### NaviCopa webserver 3.0.1 Multiple Vulnerabilities ################# ##### By: e.wiZz! Bosnian Idiot FTW! ##### Mail: ew1zz@...mail.com ##### Greetz goes to GYEZ(you know who you are lol) In the wild... ################################################ ##### Vendor site: http://www.navicopa.com/ ##### Platforms: Windows OS only #####Info: Award Winning NaviCOPA is ideal for business users who require a powerful and flexible Web Server, but don't want to have to spend months learning how to configure it. ######[Script Source Disclousure]############### If we add dot at end of URI,server won't execute script,so we can see source code: PoC: http://localhost/index.html. ###########[Buffer Overflow]##################### Buffer Overflow exist if we supply more than 5400~ characters to root directory.Similar thing reported at version 2.01 of this software http://www.securityfocus.com/bid/20250 (/cgi-bin/AAAA..) PoC: GET /AAAAAAAAAAAAAAAAAA... HTTP/1.0 In memory of shinnai.
Powered by blists - more mailing lists