138 matches found
Fedora 18 : ReviewBoard-1.7.12-1.fc18 / python-djblets-0.7.16-1.fc18 (2013-13911)
As with all ReviewBoard updates, you will need to run 'rb-site upgrade /path/to/site' for all installed sites after applying this update. == Action Required == The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations...
Apache suEXEC - Information Disclosure / Privilege Escalation
Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as...
Apache HttpOnly Cookie XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net
Many programs and some commercial or Mature open-source cms article system in order to preventingxssto steal the user cookie issue, are generally used to cookie coupled with the httponly attribute, to prohibit the direct to use js to get the user's cookie, thereby reducingxssharm, and this proble...
YourPHP CMS several security vulnerabilities and repair method-vulnerability warning-the black bar safety net
YourPHP CMS now online also no, the official Demo is not yet up, but last night found that map, do not say The first place ! Linux root directory ! The amount of this is a bunch of sub-directories, you can next to the station to see ! Screenshot of the address the order, but does not affect the...
FreePBX gen_amp_conf.php Information Disclosure
By requesting the 'admin/modules/framework/bin/genampconf.php' script directly, an unauthenticated, remote attacker can discover all the configuration parameters, including the admin password, for the FreePBX installed on the remote host, thereby gaining administrative access to it. %NASLMINLEVEL...
http-apache-negotiation NSE Script
Checks if the target http server has modnegotiation enabled. This feature can be leveraged to find hidden resources and spider a web site using fewer requests. The script works by sending requests for resources like index and home without specifying the extension. If modnegotiate is enabled defau...
Network access control system PacketFence 2.2 released !
PacketFence is a free and open source network access control NAC system. It can be used to effectively secure networks - from small to very large heterogeneous networks. PacketFence has been deployed in production environments where thousands of users are involved - on wired and wireless networks...
CVE-2010-0390
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extensio...
USN-720-1: PHP vulnerabilities
It was discovered that PHP did not properly enforce phpadminvalue and phpadminflag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...
CVE-2004-2734
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder...
Mandrake Linux Security Advisory : mod_ssl (MDKSA-2002:072)
A cross-site scripting vulnerability was discovered in modssl by Joe Orton. This only affects servers using a combination of wildcard DNS and 'UseCanonicalName off' which is not the default in Mandrake Linux. With this setting turned off, Apache will attempt to use the hostname:port that the clie...
Mandrake Linux Security Advisory : phpgroupware (MDKSA-2003:077)
Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is...
[NEWS] GroupWise WebAccess File Disclosure (GWAPACHE.CONF)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20040101
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200402-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org - - - - - - - - - - - - - - - ...
RedHat Apache 2.0.40 - Directory Index Default Configuration Error
RedHat Apache 2.0.40 - Directory Index Default Configuration Error source: https://www.securityfocus.com/bid/8898/info The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request to a...
Apache Double Slash GET Request Forced Directory Listing
It is possible to obtain the listing of the content of the remote web server root by sending the request 'GET // HTTP/1.0' This vulnerability usually affects the default Apache configuration which is shipped with Red Hat Linux, although it might affect other Linux distributions or other web serve...
RedHat Apache 2.0.40 - Directory Index Default Configuration Error
source: https://www.securityfocus.com/bid/8898/info The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request to a vulnerable server containing '//' characters, evading the rule desgined...
CVE-2002-1635
The Apache configuration file httpd.conf in Oracle 9i Application Server 9iAS uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin...
PHP Resource Exhaustion Denial of Service
The PHP interpreter is a heavy-duty CGI EXE or SAPI module, depending on configuration that implements an HTML-embedded script language. A vulnerability in PHP can be used to cause a denial of service in some cases. PHP's install process on Apache requires a "/php/" alias to be created, as it...