71 matches found
UBUNTU-CVE-2017-20005
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow or a false modification date far in the future, when encountered by the autoindex module...
CVE-2017-20005
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow or a false modification date far in the future, when encountered by the autoindex module...
CVE-2017-20005
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow or a false modification date far in the future, when encountered by the autoindex module...
PT-2017-4158
Name of the Vulnerable Software and Affected Versions NGINX versions prior to 1.13.6 Description The issue is related to the autoindex module's incorrect handling of years exceeding four digits, which can cause an integer overflow. This can be triggered by a file with a modification date in the...
AutoIndex PHP Script (index.php) Directory Traversal Vulnerability
No description provided by source...
AutoIndex PHP Script 2.2.1 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the...
AutoIndex PHP Script 2.2.2/2.2.3 Index.PHP Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows remote attackers to consume...
AutoIndex PHP Script 2.2.2 PHP_SELF Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in...
apr: unconstrained recursion in apr_fnmatch
Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...
apr: unconstrained recursion in apr_fnmatch
Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...
DEBIAN-CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...
apr: unconstrained recursion in apr_fnmatch
Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
AutoIndex PHP Script Directory Traversal
+===================================================================================+ ./SEC-R1Z / / / / /\ \ |/ / \ \ / / / / | | / | | / / \ / / / / | || / | | / / \ \ \ \2009 | \ | | / / / \ /\ / ||\ \ ||/ \ R.I.P MichaelJackson !!!!!...
AutoIndex PHP Script - 'index.php' Directory Traversal
============================================================================== ? AutoIndex PHP Script index.php Directory Traversal Vulnerability ============================================================================== ? My home: http://sec-r1z.com ? Script: AutoIndex PHP Script ? Language:...
AutoIndex PHP Script (index.php) Directory Traversal Vulnerability
Exploit for unknown platform in category web applications ================================================================== AutoIndex PHP Script index.php Directory Traversal Vulnerability ================================================================== ? Script: AutoIndex PHP Script ? Languag...
AutoIndex PHP Script - index.php Directory Traversal
AutoIndex PHP Script - index.php Directory Traversal ============================================================================== ? AutoIndex PHP Script index.php Directory Traversal Vulnerability ============================================================================== ? My home:...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...