18 matches found
EUVD-2002-0509
Malware in sbrugna...
CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
PT-2025-33617 · Undefined · Undefined
CVE-2024-12573 - Apache Web Server Authentication Bypass. CVE ID: CVE-2024-12573. Published: Aug. 15, 2025, 3:15 p.m. Description: Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-24752. Reason: This candidate is a reservation duplicate of...
SUSE CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
Red Hat Satellite's external authentication component is vulnerable to a full account takeover flaw. This flaw allows an attacker with an authenticated account on Single sign-on (SSO) to gain elevated privileges of existing local users. This issue only affects users who have configured Satellite to...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...
Debian: Security Advisory (DSA-2279-1)
The remote host is missing an update for the Debian...
DSA-2279-1 libapache2-mod-authnz-external - SQL injection
Bulletin has no description...
Debian DSA-1824-1 : phpmyadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1150 Cross site scripting vulnerability in the export page allow for an attacker that can pla...
GLSA-200409-35 : Subversion: Metadata information leak
The remote host is affected by the vulnerability described in GLSA-200409-35 (Subversion: Metadata information leak). There is a bug in mod_authz_svn that causes it to reveal logged metadata regarding commits to protected areas. Impact: Protected files themselves will not be revealed, but an attacker...
Subversion: Metadata information leak
Background: Subversion is a versioning system designed to be a replacement for CVS. mod_authz_svn is an Apache module to do path-based authentication for Subversion repositories. Description: There is a bug in mod_authz_svn that causes it to reveal logged metadata regarding commits to protected areas...
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
CVE-2002-0513
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator...
PT-2002-1564 · Apache · Apache
Name of the Vulnerable Software and Affected Versions: popper_mod versions 1.2.1 and earlier. Description: The issue concerns the PHP administration script in popper_mod, which relies on Apache .htaccess authentication. This allows remote attackers to gain privileges if the script is not properly...
RUS-CERT Advisory 2001-08:01
Vulnerabilities in several Apache authentication modules. RUS-CERT has discovered that several Apache authentication modules which use SQL databases to store authentication information are vulnerable to a remote SQL code injection attack. Systems Affected: Any Apache server using database-based...
RUS-CERT.apache.auth.txt
Vulnerabilities in several Apache authentication modules. RUS-CERT has discovered that several Apache authentication modules which use SQL databases to store authentication information are vulnerable to a remote SQL code injection attack. Systems Affected: Any Apache server using database-based...