5769 matches found

The Hacker News
added 2013/10/18 10:6 p.m., 20 views

Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers

Last week Craig Heffner, who specializes in embedded device hacking, exposed a serious backdoor in a number of D-Link routers that allows unauthorized access. Recently he published another piece of research, titled 'From China, With Love', which exposed that D-Link is not the only vendor who puts backdoo...

7.6 AI score
Exploits: 0
0day.today
added 2013/10/08 12:0 a.m., 152 views

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researchers' reports of these issues...

8.1 AI score, 0.90456 EPSS
Exploits: 17
Packet Storm
added 2013/10/07 12:0 a.m., 1080 views

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

OPOLIS.EU SECURE MAIL Blind SQLInjection / Cross site scripting / CSRF / Apache httpd Remote D.O.S / PHP hangs on parsing...

7.8 CVSS, 0.90456 EPSS
Exploits: 17
Tenable Nessus
added 2013/10/01 12:0 a.m., 25 views

Amazon Linux AMI : subversion (ALAS-2013-221)

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. (C) Tenable Network...

4 CVSS, 7.8 AI score, 0.00665 EPSS
Exploits: 0, References: 2
Apache Httpd
added 2013/09/14 12:0 a.m., 63 views

Apache Httpd < 2.4.7 : mod_cache crash

A NULL pointer dereference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. Note that this vulnerability was fixed in the 2.4.7 release, but the security impact was not disclosed at the time of the release...

4.3 CVSS, 0.24352 EPSS
Exploits: 0, Affected Software: 1
OpenVAS
added 2013/09/06 12:0 a.m., 20 views

RedHat Update for php53 RHSA-2013:1050-01

The remote host is missing an update for the...

6.8 CVSS, 6.8 AI score, 0.19022 EPSS
Exploits: 0, References: 2
Apache Httpd
added 2013/09/06 12:0 a.m., 148 views

Apache Httpd < 2.2.29 : HTTP Trailers processing bypass

HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...

5 CVSS, 2.6 AI score, 0.65044 EPSS
Exploits: 2, Affected Software: 1
Apache Httpd
added 2013/09/06 12:0 a.m., 111 views

Apache Httpd < 2.4.12 : HTTP Trailers processing bypass

HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...

5 CVSS, 2.6 AI score, 0.65044 EPSS
Exploits: 2, Affected Software: 1
RedHat Linux
added 2013/09/04 6:46 p.m., 1 views

httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href...

4.3 CVSS, 7.3 AI score, 0.43961 EPSS
Exploits: 3, References: 4
Tenable Nessus
added 2013/09/04 12:0 a.m., 61 views

Amazon Linux AMI : httpd (ALAS-2011-01)

The MITRE CVE database describes CVE-2011-3192 as: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, a...

7.8 CVSS, 7.7 AI score, 0.90456 EPSS
Exploits: 17, References: 4
Tenable Nessus
added 2013/09/04 12:0 a.m., 43 views

Amazon Linux AMI : httpd (ALAS-2013-193)

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...

5.1 CVSS, 8.3 AI score, 0.58223 EPSS
Exploits: 4, References: 4
Tenable Nessus
added 2013/09/04 12:0 a.m., 46 views

Amazon Linux AMI : httpd (ALAS-2012-46)

It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...

5 CVSS, 8 AI score, 0.77975 EPSS
Exploits: 24, References: 5
Tenable Nessus
added 2013/09/04 12:0 a.m., 48 views

Amazon Linux AMI : httpd (ALAS-2013-174)

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...

4.3 CVSS, 7.5 AI score, 0.58223 EPSS
Exploits: 3, References: 3
Check Point Advisories
added 2013/09/01 12:0 a.m., 4 views

Monkey HTTPD Header Parsing Denial of Service (CVE-2013-3843)

A denial of service vulnerability has been reported in Monkey HTTPD Server...

6.2 AI score, 0.4015 EPSS
Exploits: 3
0day.today
added 2013/08/27 12:0 a.m., 1443 views

Obehotel CMS SQL Injection Vulnerability

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities. OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY...

7.8 CVSS, 0.5 AI score, 0.90456 EPSS
Exploits: 17
Packet Storm
added 2013/08/26 12:0 a.m., 883 views

Obehotel CMS Denial Of Service / SQL Injection

OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY Title: OBEHOTEL CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing /...

7.8 CVSS, 0.5 AI score, 0.90456 EPSS
Exploits: 17
OpenVAS
added 2013/08/20 12:0 a.m., 38 views

Fedora Update for httpd FEDORA-2013-13994

Check for the Version of httpd...

7.5 CVSS, 7.1 AI score, 0.43961 EPSS
Exploits: 5, References: 2
OpenVAS
added 2013/08/20 12:0 a.m., 40 views

Fedora Update for httpd FEDORA-2013-13922

The remote host is missing an update for the...

7.5 CVSS, 6.8 AI score, 0.43961 EPSS
Exploits: 5, References: 2
OpenVAS
added 2013/08/20 12:0 a.m., 44 views

Fedora Update for httpd FEDORA-2013-13922

Check for the Version of httpd...

7.5 CVSS, 7.1 AI score, 0.43961 EPSS
Exploits: 5, References: 2
OpenVAS
added 2013/08/20 12:0 a.m., 34 views

Fedora Update for httpd FEDORA-2013-13994

The remote host is missing an update for the...

6.8 AI score
Exploits: 0, References: 2