Moderate httpd security update
2.0.52-28.1 - changed index.html to oracleindex.html 2.0.52-28.ent - add security fix for Expect header XSS CVE-2006-3918, 200732...
Apache mod_tcl module contains a format string error
Overview: A format string vulnerability exists in the mod_tcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description: The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
Apache Httpd < 2.0.61 : mod_status cross-site scripting
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 1.3.39 : mod_status cross-site scripting
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 2.2.6 : mod_status cross-site scripting
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Debian DSA-935-1 : libapache2-mod-auth-pgsql - format string vulnerability
iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.
Apache Win32 Chunked Encoding
This module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apach...
CVE-2006-5216
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD shttpd 1.34 allows remote attackers to execute arbitrary code via a long URI...
CVE-2006-5216
SHTTPD
httpd cross-site scripting flaw in mod_imap
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...
CVE-2006-5050
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI...
CVE-2006-5050
CVE-2006-5050 affects BusyBox by its httpd component, enabling directory traversal through URL-encoded "%2e%2e/" sequences in the URI. The underlying issue is a path traversal vulnerability that could allow remote attackers to read arbitrary files. According to the NVD entry, this is a network-ac...
CentOS 3 / 4 : squirrelmail (CESA-2006:0668)
A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in...
RHEL 3 / 4 : squirrelmail (RHSA-2006:0668)
A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in...
[RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature?
rfdslabs security advisory. Title: OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature? (RLSA_02-2006). Versions: OSU/3.11alhpa, OSU/3.10a probably others. Vendor: David Jones, Ohio State University http://www.ecr6.ohio-state.edu/www/doc/serverinfo.html Date: 18 May 2006...
Multiple OSU httpd security vulnerabilities
Physical path and directory content disclosure...
BusyBox 1.01 - HTTPd Directory Traversal
BusyBox 1.01 - HTTPd Directory Traversal source: https://www.securityfocus.com/bid/20067/info The httpd daemon of BusyBox is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary fil...