5736 matches found

Prion
added 2007/01/05 6:28 p.m. | 17 views

Directory traversal

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...

CVSS 6.8 | AI score 7.6 | EPSS 0.07575
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2007/01/05 6:28 p.m. | 29 views

Code injection

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVSS 7.8 | AI score 6.6 | EPSS 0.02437
Exploits: 0 | References: 5
CVE
added 2007/01/05 6:0 p.m. | 377 views

CVE-2007-0086

CVE-2007-0086 targets the Apache HTTP Server. The documented effect is a denial of service caused by a Range header that can cause network bandwidth consumption when a TCP connection is opened with a large window size, via multiple copies of the same fragment. The connected documents provide conc...

CVSS 7.8 | AI score 7.3 | EPSS 0.02437
In wild | Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
added 2007/01/05 6:0 p.m. | 35 views

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVSS 7.8 | AI score 7.3 | EPSS 0.02437
Exploits: 0
NVD
added 2006/12/31 5:0 a.m. | 11 views

CVE-2006-6869

Directory traversal vulnerability in includes/search/searchmdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as...

CVSS 9.3 | AI score 7.2 | EPSS 0.06688
Exploits: 1 | References: 4
Cvelist
added 2006/12/18 2:0 a.m. | 19 views

CVE-2006-6613

Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the palangincludefile...

AI score 6.9 | EPSS 0.07575
Exploits: 0 | References: 4
Tenable Nessus
added 2006/12/11 12:0 a.m. | 22 views

CentOS 4 : mod_auth_kerb (CESA-2006:0746)

Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. mod_auth_kerb is a module for the Apache HTTP Server designed to...

CVSS 5 | AI score 5.3 | EPSS 0.04337
Exploits: 0 | References: 4
Tenable Nessus
added 2006/12/11 12:0 a.m. | 20 views

RHEL 4 : mod_auth_kerb (RHSA-2006:0746)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2006:0746 advisory. mod_auth_kerb is a module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off by one flaw was found in the way...

CVSS 5 | AI score 5.5 | EPSS 0.04337
Exploits: 0 | References: 5
NVD
added 2006/12/10 9:28 p.m. | 15 views

CVE-2006-6445

Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then...

CVSS 7.5 | AI score 7.2 | EPSS 0.07575
Exploits: 0 | References: 4
Apache Httpd
added 2006/12/10 12:0 a.m. | 34 views

Apache Httpd < 2.0.61 : mod_proxy crash

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

CVSS 5 | AI score 1.5 | EPSS 0.23276
Exploits: 0 | Affected Software: 1
NVD
added 2006/12/08 1:28 a.m. | 11 views

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configdbtype parameter to (1) categories.php, (2) couriers.php, (3)...

CVSS 6.8 | AI score 7.3 | EPSS 0.07011
Exploits: 1 | References: 5
Cvelist
added 2006/12/08 1:0 a.m. | 17 views

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configdbtype parameter to (1) categories.php, (2) couriers.php, (3)...

AI score 7.3 | EPSS 0.07011
Exploits: 1 | References: 5
Cent OS
added 2006/12/06 7:10 p.m. | 50 views

mod_auth_kerb security update

CentOS Errata and Security Advisory CESA-2006:0746. Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. mod_auth_ke...

CVSS 5 | AI score 5.8 | EPSS 0.04337
Exploits: 0 | References: 8
RedHat Linux
added 2006/12/06 5:46 p.m. | 20 views

Low: Red Hat Security Advisory: mod_auth_kerb security update

Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. mod_auth_kerb is a module for the Apache HTTP Server designed to...

CVSS 5 | AI score 5.8 | EPSS 0.04337
Exploits: 0 | References: 2
Tenable Nessus
added 2006/11/22 12:0 a.m. | 43 views

HP-UX PHSS_35460 : s700_800 11.04 Virtualvault 4.7 IWS update

s700_800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and...

CVSS 7.6 | AI score 7.6 | EPSS 0.90024
Exploits: 21 | References: 6
Tenable Nessus
added 2006/11/22 12:0 a.m. | 34 views

HP-UX PHSS_35461 : s700_800 11.04 Virtualvault 4.5 OWS update

s700_800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and...

CVSS 7.6 | AI score 7.6 | EPSS 0.90024
Exploits: 21 | References: 6
Cvelist
added 2006/11/14 10:0 p.m. | 16 views

CVE-2006-5894

Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file,...

AI score 7.2 | EPSS 0.09854
Exploits: 1 | References: 6
CVE
added 2006/11/14 10:0 p.m. | 41 views

CVE-2006-5894

The CVE-2006-5894 entry documents a directory traversal flaw in Rama CMS 0.68 and earlier. When register_globals is enabled, an attacker can cause lang.php to include and execute arbitrary local files via a .. in the lang cookie, demonstrated by injecting PHP sequences into an Apache log file tha...

CVSS 6.8 | AI score 7.6 | EPSS 0.09854
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2006/11/06 6:7 p.m. | 14 views

CVE-2006-5733

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...

CVSS 7.5 | AI score 7.2 | EPSS 0.11165
Exploits: 1 | References: 6
Cvelist
added 2006/10/31 12:0 a.m. | 20 views

CVE-2005-4814

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...

AI score 7.5 | EPSS 0.00636
Exploits: 0 | References: 2