1212 matches found
PT-2004-1827 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions 2.0.50 and earlier Description: The issue allows remote attackers to cause a denial of service by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop, consuming CPU resources...
Apache: Buffer overflow in mod_ssl
Background Apache is the most popular Web server on the Internet. modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Apache 2 contains the functionality of modssl. Description A bug in the function sslutiluuencodebinary in sslutil.c may lead to a remote buffer...
security flaw
Memory leak in sslengineio.c for modssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service memory consumption via plain HTTP requests to the SSL port of an SSL-enabled server...
PHP setting leaks from .htaccess files on virtual hosts
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description If the server configuration "php.ini" file has "registerglobals = on" and a request is made to one virtual host which has "phpadminflag...
apache2047.txt
APACHE HTTPD SERVER current version 2.0.47: How to return files in a Apache Deny All directory. The Directives controlling host access may be bypassed even if they have not permission to be override. 11 Jan 2004 DESCRIPTION Apache Web Server allows manage configurations via the main httpd.conf...
CVE-2003-1171
Heap-based buffer overflow in the secfilterout function in modsecurity 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data...
DEBIAN-CVE-2003-1307
The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...
PT-2003-1879 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions prior to 2.0.48 Description: The issue arises from the mishandling of CGI redirect paths by mod cgid when a threaded Multi-Processing Module MPM is used. This could cause Apache to send the output of a CGI program to the wrong...
Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
No description provided by source. !/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string ...
Apache 2.0.45 - 'APR' Crash
!/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string to encode BASE64 content, and use...
Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
Exploit for linux platform in category remote exploits ================================================ Webfroot Shoutbox ';fclose$h;? HTTP/1.1\nHost: 127.0.0.1\nConnection: Close\n\n"; my $conn; if $ARGV0 eq "x" || $ARGV0 eq "r" $type = $ARGV0; else print "x Webfroot Shoutbox 2.32 on apache...
Mod_NTLM 0.x - Authorisation Heap Overflow
source: https://www.securityfocus.com/bid/7388/info The modntlm Apache module has been reported prone to a heap overflow vulnerability. The vulnerability occurs due to a lack of sufficient bounds checking performed on user-supplied data, stored in heap memory. By supplying excessive data an...
cpanel.pl
cpanel-plus.pl exploit Spawn bash style Shell on Apache CPANEL Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 =...
YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/6663/info YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed by YABB SE. This may allow a remote attacker to execut...
CVE-2002-2309
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments...
DSA-181 libapache-mod-ssl - cross site scripting
Bulletin has no description...
security flaw
Off-by-one buffer overflow in the sslcompatdirective function, as called by the rewritecommand hook for modssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...
DSA-137 mm - insecure temporary files
Bulletin has no description...
PHP Interpreter 3.0.x/4.0.x/4.1/4.2 - Direct Invocation Denial of Service
// source: https://www.securityfocus.com/bid/5280/info It is possible, under some circumstances, for remote attackers to invoke the PHP interpreter from the web. If the interpreter is invoked with no command line options, it will hang. Attackers may exploit this condition to cause a denial of...
CVE-2002-0653
Off-by-one buffer overflow in the sslcompatdirective function, as called by the rewritecommand hook for modssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...