Lucene search
K

138 matches found

Tenable Nessus
Tenable Nessus
added 2013/08/08 12:0 a.m.16 views

Fedora 18 : ReviewBoard-1.7.12-1.fc18 / python-djblets-0.7.16-1.fc18 (2013-13911)

As with all ReviewBoard updates, you will need to run 'rb-site upgrade /path/to/site' for all installed sites after applying this update. == Action Required == The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations...

5.5AI score
Exploits0References4
Exploit DB
Exploit DB
added 2013/08/07 12:0 a.m.42 views

Apache suEXEC - Information Disclosure / Privilege Escalation

Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as...

7.4AI score
Exploits0
myhack58
myhack58
added 2013/04/19 12:0 a.m.34 views

Apache HttpOnly Cookie XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net

Many programs and some commercial or Mature open-source cms article system in order to preventingxssto steal the user cookie issue, are generally used to cookie coupled with the httponly attribute, to prohibit the direct to use js to get the user's cookie, thereby reducingxssharm, and this proble...

7AI score
Exploits0
myhack58
myhack58
added 2013/01/02 12:0 a.m.24 views

YourPHP CMS several security vulnerabilities and repair method-vulnerability warning-the black bar safety net

YourPHP CMS now online also no, the official Demo is not yet up, but last night found that map, do not say The first place ! Linux root directory ! The amount of this is a bunch of sub-directories, you can next to the station to see ! Screenshot of the address the order, but does not affect the...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/02/22 12:0 a.m.54 views

FreePBX gen_amp_conf.php Information Disclosure

By requesting the 'admin/modules/framework/bin/genampconf.php' script directly, an unauthenticated, remote attacker can discover all the configuration parameters, including the admin password, for the FreePBX installed on the remote host, thereby gaining administrative access to it. %NASLMINLEVEL...

5.6AI score
Exploits0References3
Nmap
Nmap
added 2011/12/08 8:50 p.m.307 views

http-apache-negotiation NSE Script

Checks if the target http server has modnegotiation enabled. This feature can be leveraged to find hidden resources and spider a web site using fewer requests. The script works by sending requests for resources like index and home without specifying the extension. If modnegotiate is enabled defau...

10CVSS0.99448EPSS
Exploits33
The Hacker News
The Hacker News
added 2011/05/04 4:46 a.m.16 views

Network access control system PacketFence 2.2 released !

PacketFence is a free and open source network access control NAC system. It can be used to effectively secure networks - from small to very large heterogeneous networks. PacketFence has been deployed in production environments where thousands of users are involved - on wired and wireless networks...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2010/01/26 6:0 p.m.20 views

CVE-2010-0390

Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extensio...

7.8AI score0.03336EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2009/02/12 7:13 p.m.103 views

USN-720-1: PHP vulnerabilities

It was discovered that PHP did not properly enforce phpadminvalue and phpadminflag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....

10CVSS7.7AI score0.07371EPSS
Exploits8
exploitpack
exploitpack
added 2007/04/07 12:0 a.m.79 views

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...

7.6CVSS0.7AI score0.96436EPSS
Exploits20
NVD
NVD
added 2004/12/31 5:0 a.m.20 views

CVE-2004-2734

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder...

10CVSS6.8AI score0.03998EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.26 views

Mandrake Linux Security Advisory : mod_ssl (MDKSA-2002:072)

A cross-site scripting vulnerability was discovered in modssl by Joe Orton. This only affects servers using a combination of wildcard DNS and 'UseCanonicalName off' which is not the default in Mandrake Linux. With this setting turned off, Apache will attempt to use the hostname:port that the clie...

7.5CVSS5AI score0.09701EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.15 views

Mandrake Linux Security Advisory : phpgroupware (MDKSA-2003:077)

Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is...

4.3CVSS6.1AI score0.01343EPSS
Exploits0References2
securityvulns
securityvulns
added 2004/03/18 12:0 a.m.30 views

[NEWS] GroupWise WebAccess File Disclosure (GWAPACHE.CONF)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7AI score
Exploits0
securityvulns
securityvulns
added 2004/02/09 12:0 a.m.42 views

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20040101

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200402-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org - - - - - - - - - - - - - - - ...

Exploits0
exploitpack
exploitpack
added 2003/10/27 12:0 a.m.14 views

RedHat Apache 2.0.40 - Directory Index Default Configuration Error

RedHat Apache 2.0.40 - Directory Index Default Configuration Error source: https://www.securityfocus.com/bid/8898/info The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request to a...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/10/27 12:0 a.m.68 views

Apache Double Slash GET Request Forced Directory Listing

It is possible to obtain the listing of the content of the remote web server root by sending the request 'GET // HTTP/1.0' This vulnerability usually affects the default Apache configuration which is shipped with Red Hat Linux, although it might affect other Linux distributions or other web serve...

5CVSS5.6AI score0.05439EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2003/10/27 12:0 a.m.92 views

RedHat Apache 2.0.40 - Directory Index Default Configuration Error

source: https://www.securityfocus.com/bid/8898/info The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request to a vulnerable server containing '//' characters, evading the rule desgined...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.20 views

CVE-2002-1635

The Apache configuration file httpd.conf in Oracle 9i Application Server 9iAS uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin...

5CVSS6.5AI score0.04407EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/07/23 12:0 a.m.44 views

PHP Resource Exhaustion Denial of Service

The PHP interpreter is a heavy-duty CGI EXE or SAPI module, depending on configuration that implements an HTML-embedded script language. A vulnerability in PHP can be used to cause a denial of service in some cases. PHP's install process on Apache requires a "/php/" alias to be created, as it...

Exploits0
Rows per page
Query Builder