Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
More details here:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2900
Most Liked
Latest Member Comments
Latest Posts
- Facebook Shuts Down Two Hacking Groups in Palestine
- Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange
- Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit
- GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer
- Reddit Names Allison Miller as Chief Information Security Officer (CISO)
- SecurityWeek Names Ryan Naraine as Editor-at-Large
- Why Cyber Security Should Be at the Top of Your Christmas List
- United States Federal Government’s Shift to Identity-Centric Security
- How Extreme Weather Will Create Chaos on Infrastructure
- BSIMM11 Observes the Cutting Edge of Software Security Initiatives