Sergey Lyubka: Security Vulnerabilities
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
CVSS Score
5.0
EPSS Score
0.002
Published
2009-12-31
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVSS Score
4.0
EPSS Score
0.014
Published
2009-04-21
Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.
CVSS Score
5.0
EPSS Score
0.06
Published
2007-12-13
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20).
CVSS Score
5.0
EPSS Score
0.105
Published
2007-06-26
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
CVSS Score
7.5
EPSS Score
0.805
Published
2006-10-10