Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

465 matches found

RedHat Linux
RedHat Linuxadded 2014/08/21 3:29 p.m.1 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linuxadded 2014/08/07 11:4 p.m.54 views

security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)

apache2: - ECC support was added to modssl - fix for a race condition in modstatus known as CVE-2014-0226 can lead to information disclosure; modstatus is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...

6.8CVSS0.2AI score0.85744EPSS
Exploits8References6
Amazon
Amazonadded 2014/07/31 12:0 a.m.92 views

Important: httpd24

Issue Overview: A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cau...

6.8CVSS8.4AI score0.85744EPSS
Exploits5
Tenable Nessus
Tenable Nessusadded 2014/07/31 12:0 a.m.50 views

Mandriva Linux Security Advisory : apache (MDVSA-2014:142)

Updated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a...

6.8CVSS7.7AI score0.85744EPSS
Exploits5References4
Tenable Nessus
Tenable Nessusadded 2014/07/26 12:0 a.m.46 views

Debian DSA-2989-1 : apache2 - security update

Several security issues were found in the Apache HTTP server. - CVE-2014-0118 The DEFLATE input filter inflates request bodies in moddeflate allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size. - CVE-2014-0226 ...

6.8CVSS7.3AI score0.85744EPSS
Exploits5References8
Debian
Debianadded 2014/07/24 10:19 p.m.57 views

[SECURITY] [DSA 2989-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2989-1 [email protected] http://www.debian.org/security/ Stefan Fritsch July 24, 2014 http://www.debian.org/security/faq -...

6.8CVSS10AI score0.85744EPSS
Exploits5
OpenVAS
OpenVASadded 2014/07/24 12:0 a.m.60 views

Debian Security Advisory DSA 2989-1 (apache2 - security update)

Several security issues were found in the Apache HTTP server. CVE-2014-0118 The DEFLATE input filter inflates request bodies in moddeflate allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size. CVE-2014-0226 A ra...

6.8CVSS0.8AI score0.85744EPSS
Exploits5References1
OSV
OSVadded 2014/07/24 12:0 a.m.52 views

DSA-2989-1 apache2 - security update

Bulletin has no description...

6.8CVSS6AI score0.85744EPSS
Exploits5
Tenable Nessus
Tenable Nessusadded 2014/07/24 12:0 a.m.52 views

Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20140723)

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

6.8CVSS7.6AI score0.85744EPSS
Exploits5References4
Cent OS
Cent OSadded 2014/07/23 3:36 p.m.114 views

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2014:0921 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

6.8CVSS7AI score0.85744EPSS
Exploits7References7
FreeBSD
FreeBSDadded 2014/07/19 12:0 a.m.54 views

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: moddeflate: The DEFLATE input filter inflates request bodies now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,...

6.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.37 views

CNC Technology BizDB 1.0 bizdb-search.cgi Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1104/info BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at th...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.35 views

Zeus Web Server 3.x Null Terminated Strings Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/977/info Appending %00 to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option allow CGIs anywhere is enabled. Scripts located in directories which are...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.17 views

Power Up HTML 0.8033 beta Directory Traversal Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI scripts. A vulnerability exists in Power Up HT...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.9 views

BizDesign ImageFolio 2.x/3.0.1 nph-build.cgi XSS

No description provided by source. source: http://www.securityfocus.com/bid/6265/info Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio. As a result, it ...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.30 views

Apache suEXEC Privilege Elevation / Information Disclosure

No description provided by source. Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI ...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.15 views

Computer Software Manufaktur Alibaba 2.0 Piped Command Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.11 views

D-Link WBR-1310 Authentication Bypass Vulnerability

No description provided by source. Exploit Title: D-Link WBR-1310 Authentication Bypass Vulnerability Shodan Dork: Embedded HTTP Server 2.00 Date: 22-Dec-2010 Author: Craig Heffner, /dev/ttyS0 Software Link: http://www.dlink.com/products/?pid=474 Version: 2.00 Tested on: WBR-1301, firmware versio...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.13 views

BizDesign ImageFolio 2.x/3.0.1 imageFolio.cgi direct Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/6265/info Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio. As a result, it ...

7.1AI score
Exploits0
Packet Storm
Packet Stormadded 2014/06/27 12:0 a.m.165 views

Python CGIHTTPServer File Disclosure / Code Execution

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

7.9AI score0.24148EPSS
Exploits5
Rows per page
Query Builder