11629 matches found
CVE-2018-20932
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains SEC-406...
CVE-2018-4018
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
CVE-2013-4743
Static HTTP Server 1.0 has a Local Overflow...
CVE-2019-7228
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
CVE-2019-13980
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads//originals remote code execution with nginx...
CVE-2014-5329
GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...
CVE-2014-5197
Directory traversal vulnerability in 1 Splunk Web or the 2 Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. dot dot in a URI, related to search ids...
CVE-2013-1048
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...
CVE-2016-10796
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files SEC-130...
CVE-2018-16119
Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...
CVE-2012-4001
The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...
CVE-2009-3890
Unrestricted file upload vulnerability in the wpcheckfiletype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the modmime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
CVE-2002-2076
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. dot dot in an HTTP GET request...
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...
CVE-2003-0647
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long 2GB HTTP GET request...
CVE-2005-4814
Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...
CVE-2002-2406
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service hang via a large number of percent characters % in an HTTP GET request...
CVE-2002-1865
Buffer overflow in the Embedded HTTP server, as used in 1 D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and 2 Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service crash via a lo...
CVE-2002-1823
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request...
CVE-2002-1793
HTTP Server modssl module running on HP-UX 11.04 with Virtualvault OS VVOS 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service...