[SECURITY] Fedora 17 Update: php-5.4.16-1.fc17

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

[SECURITY] Fedora 18 Update: php-5.4.16-1.fc18

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2013-1862

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2013-1862

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

Command injection

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2013-1862

CVE-2013-1862 affects Apache HTTP Server 2.2.x up to 2.2.24, where mod_rewrite writes log data without sanitizing non‑printable characters. This can allow a remote attacker to execute arbitrary commands by sending an HTTP request containing an escape sequence for a terminal emulator, with some so...

CVE-2013-1862

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2013-1862

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2013-1862

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability

A vulnerability in the dorewritelog function of Apache HTTP Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper handling of certain escape sequences by the affected software. An unauthenticated, remote attacker could...

Important: Red Hat Security Advisory: pki-tps security update

An updated pki-tps package that fixes two security issues is now available for Red Hat Certificate System 8.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

RedHat Update for httpd RHSA-2013:0815-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache HTTP Server日志内终端转义序列命令注入漏洞

BUGTRAQ ID: 59826 CVECAN ID: CVE-2013-1862 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server modrewrite向日志文件写入数据时，没有过滤不能打印的字符。如果 modrewrite 使用了指令RewriteLog，远程攻击者可利用此漏洞向日志文件写入终端转义序列。如果HTTP请求包含终端模拟器的转义序列，此漏洞也可造成任意命令执行。 0 Apache Group HTTP Server 2.2.x 厂商补丁： Apache Group ------------...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2013:0815 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

DEBIAN-CVE-2013-1849

The moddavsvn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a PROPFIND request for an activity URL...

phpMyAdmin 'filename_template' 远程代码执行(CVE-2013-3239)

BUGTRAQ ID: 59465 CVECAN ID: CVE-2013-3239 phpmyadmin是MySQL数据库的在线管理工具，主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 3.5.x、4.x在配置了SaveDir目录后，通过导出文件文件名的双扩展名，经过身份验证的远程用户可以执行任意代码，导致Apache HTTP服务器将此文件解释为可执行文件。例如：.php.sql文件名。 0 phpMyAdmin 3.x phpMyAdmin 3.5.x 厂商补丁： phpMyAdmin ----------...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

Design/Logic Flaw

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...