177 matches found
Scientific Linux Security Update : httpd on SL4.x i386/x86_64
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
hadoop-jobtracker-info NSE Script
Retrieves information from an Apache Hadoop JobTracker HTTP status page. Information gathered: State of the JobTracker; Date/time the service was started; Hadoop version; Hadoop compile date; JobTracker ID; Log directory relative to; Associated TaskTrackers; Optionally also user activity history. Script...
hbase-master-info NSE Script
Retrieves information from an Apache HBase Hadoop database master HTTP status page. Information gathered: HBase version; HBase compile date; HBase root directory; Hadoop version; Hadoop compile date; Average load; Zookeeper quorum server; Associated region servers. Script Arguments: slaxml.debug. See the...
hadoop-datanode-info NSE Script
Discovers information such as log directories from an Apache Hadoop DataNode HTTP status page. Information gathered: Log directory relative to. Script Arguments: slaxml.debug. See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline,...
hadoop-namenode-info NSE Script
Retrieves information from an Apache Hadoop NameNode HTTP status page. Information gathered: Date/time the service was started; Hadoop version; Hadoop compile date; Upgrades status; Filesystem directory relative to; Log directory relative to; Associated DataNodes. Script Arguments: slaxml.debug. See the...
hadoop-tasktracker-info NSE Script
Retrieves information from an Apache Hadoop TaskTracker HTTP status page. Information gathered: Hadoop version; Hadoop compile date; Log directory relative to. Script Arguments: slaxml.debug. See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size,...
CVE-2010-2477
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2)...
CVE-2010-3903
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code...
Code injection
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code...
OpenX install.php / install-plugin.php Admin Authentication Bypass
The version of OpenX hosted on the remote web server has an authentication bypass vulnerability. Sending a specially crafted request to install.php or install-plugin.php bypasses the normal authentication process. A remote attacker could exploit this to gain administrative access to the OpenX...
Code to mitigate IIS semicolon zero-day
This mitigation should help block attempts to exploit the IIS semicolon zero-day BID 37460, but no warranties and no guarantees. It didn't crash my web servers during testing, but I make no representations as to how it will or won't perform on anyone else's web servers. This mitigation is only...
FormMail 1.92 XSS / HTTP Response Splitting
FormMail 1.92 Multiple Vulnerabilities. Name: Multiple Vulnerabilities in FormMail; Systems Affected: FormMail 1.92 and possibly earlier versions; Severity: Medium; Impact CVSSv2: Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N; Vendor: http://www.scriptarchive.com/formmail.html; Advisory...
Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...
CVE-2007-1504
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection (2)
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection 2 !/usr/bin/perl Woltlab Burning Board 2.X/Lite search.php SQL Injection exploit - burned.pl written by trew should work on every wbb regardless of php settings. v 1.2 - added 1337 sql filter evasion, version identification,better...
CVE-2003-0105
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server...