CVE-2019-14700
The CVE-2019-14700 entry applies to MicroDigital N-series cameras with firmware up to 6400.0.8.5, where HTTPD path traversal allows disclosure of arbitrary files. The root cause is a timing-related access of the filename specified in the TZ parameter, causing exposure when the file exists. Multip...
CVE-2019-14700
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists...
CVE-2019-14702
CVE-2019-14702 affects MicroDigital N-series cameras with firmware up to 6400.0.8.5. The vulnerability is SQL injection across 13 HTTPD-accessible forms, enabling an attacker to, for example, create an admin account. The issue is rooted in insecure input handling in the web interface, allowing cr...
CVE-2019-14702
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account...
CVE-2019-14703
CVE-2019-14703 describes a cross-site request forgery (CSRF) vulnerability in MicroDigital N-series cameras. The issue occurs in HTTPD via the path webparam?user&action=set&param=add, which can be abused to create an admin account. Public details consistently reference firmware up to 6400.0.8.5 a...
CVE-2019-14703
A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account...
CVE-2019-14704
CVE-2019-14704 describes an SSRF vulnerability in the HTTPD component of MicroDigital N-series cameras (firmware up to 6400.0.8.5). The issue occurs when FTP uploadfile field data contains a newline character, allowing HTTPD to be triggered via crafted FTP commands. Reported impact is high: CVSS ...
CVE-2019-14706
The CVE-2019-14706 entry concerns MicroDigital N-series IP cameras running firmware up to 6400.0.8.5. The vulnerability is a denial-of-service caused by an unauthenticated attacker uploading a file to upload.php with a filename longer than 256 bytes; the file is placed in the updownload area and ...
CVE-2019-14706
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...
Moderate: Red Hat Security Advisory: httpd security and bug fix update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py
It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service...
Low: Red Hat Security Advisory: keycloak-httpd-client-install security, bug fix, and enhancement update
An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CentOS Update for httpd CESA-2019:1898 centos7
The remote host is missing an update for the...
httpd:2.4 security update
httpd 2.4.37-11.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-11 - Resolves: 1695431 - CVE-2019-0211 httpd: privilege escalation from modules scripts - Resolves: 1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl:...
httpd security update
2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest...
Low: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
EulerOS 2.0 SP8 : subversion (EulerOS-SA-2019-1789)
According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the...
Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference
When mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients...
Apache Httpd < 2.4.41 : Limited cross-site scripting in mod_proxy error page
A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured ...
CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...