5741 matches found
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
Code injection
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
Apache HTTP Server Windows共享PHP文件扩展映射信息泄露漏洞
BUGTRAQ ID: 26939 CNCAN ID:CNCAN-2007122001 Apache HTTP Server是一款流行的HTTP服务程序。 Apache HTTP Server当处理在Windows SMB共享上的文件请求时存在问题,远程攻击者可以利用漏洞获得任意脚本明文信息。 问题是Apache不正确处理使用正确引擎关联的文件扩展,当处理windows SMB共享上的特定文件请求时存在问题,扩展不正确解析文件而导致敏感信息泄露。 Apache Software Foundation Apache 2.2.6 目前没有解决方案提供:...
CVE-2007-6361
Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by...
Sql injection
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-6342
CVE-2007-6342 affects the Apache::AuthCAS module (AuthCAS.pm) version 0.4 used with the Apache HTTP Server. The root cause is an SQL injection: the session ID obtained from the cookie named by SESSION_COOKIE_NAME is directly interpolated into an SQL query (SELECT last_accessed, uid, pgtiou FROM …...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
Cross site scripting
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5000
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5000
CVE-2007-5000 affects Apache HTTP Server mod_imap and mod_imagemap (v1.3.0–1.3.39 and v2.0.35–2.0.61). The flaw is due to insufficient input validation, allowing remote script/HTML injection via unspecified vectors. Public advisories note fixes in later Apache releases (and related packages); mit...
CVE-2007-5000
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tmincludepath parameter to 1 Classes.inc.php, 2 statistic.inc.php, 3 status.inc.php, 4 statustopx.inc.php, or 5 libchart-1.1/libchart.php in include/. NOTE:...
CVE-2007-6231
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tmincludepath parameter to 1 Classes.inc.php, 2 statistic.inc.php, 3 status.inc.php, 4 statustopx.inc.php, or 5 libchart-1.1/libchart.php in include/. NOTE:...
Apache HTTP Server 413错误HTTP请求方法跨站脚本漏洞
Apache HTTP Server是一款非常流行的HTTP服务程序。 Apache HTTP Server处理特殊构建的HTP方法存在输入验证问题,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 通过提交一个畸形的HTTP方法其可包含恶意负载如Javascript和表单中非法长度数据,可引起Apache HTTP服务器返回客户端提供的脚本代码: Two 'Content-length:' headers equals to zero. i.e.: Content-Length: 0LFContent-Length: 0 One 'Content-length:' header...
Preemptive Protection against Apache HTTP Server 413 Error Page Cross-Site Scripting Vulnerability
A cross-site scripting XSS vulnerability exists in Apache HTTP Server. Apache is a popular web server available for a wide variety of operating systems. Successful exploitation of this vulnerability could result in arbitrary scripting code execution by the user's browser in the context of an...