5757 matches found
Apache Httpd < 2.2.3 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, modrewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
Apache Httpd < 1.3.37 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, modrewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
Apache Httpd < 2.0.59 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, modrewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
rocksmountdirty.txt
!/bin/sh rocksmountdirty.sh: Rocks release =4.1 local root exploit make sure 'mount-loop' is in your path for this to work. coded by: [email protected] http://xavsec.blogspot.com echo "Rocks Clusters =4.1 mount-loop local root exploit by [email protected] http://xavsec.blogspot.com" echo...
Rocks Clusters 4.1 - mount-loop Local Privilege Escalation
Rocks Clusters 4.1 - mount-loop Local Privilege Escalation !/bin/sh rocksmountdirty.sh: Rocks release =4.1 local root exploit make sure 'mount-loop' is in your path for this to work. coded by: [email protected] http://xavsec.blogspot.com echo "Rocks Clusters =4.1 mount-loop local root exploit b...
CentOS 3 / 4 : httpd (CESA-2005:608)
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw...
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd redux (SSA:2006-130-01)
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc that breaks wildcards in Include directives. It may not occur with all versions of glibc, but it has been verified on -current using an Include within a file...
Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting
A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marke...
CVE-2006-1681
Cross-site scripting XSS vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...
Cross site scripting
Cross-site scripting XSS vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...
CVE-2006-1681
CVE-2006-1681 affects Cherokee HTTPD 0.5 and earlier. A cross-site scripting vulnerability exists where a malformed request that leads to an HTTP 400 error is not properly handled in the error message, allowing remote attackers to inject arbitrary script/HTML into a victim’s browser. Impact descr...
CVE-2006-1681
Cross-site scripting XSS vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...
Mandrake Linux Security Advisory : php (MDKSA-2006:063)
A vulnerability was discovered where the htmlentitydecode function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magicquotesgpc on...
CVE-2006-1598
AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...
Design/Logic Flaw
AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...
CVE-2006-1598
AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...
CVE-2006-1598
Summary: CVE-2006-1598 affects AN HTTPD 1.42n and possibly earlier versions (before 1.42p). Vulnerability: Remote attackers can obtain the source code of scripts by sending crafted requests that exploit specific dot and space characters in the file extension. Impact: Information disclosure (confi...
D-Link DWL-G700AP httpd DoS
author: l0om page: www.excluded.org product: D-Link DWL-G700AP firmware: tested on v2.00 and the latest v2.01 The DWL-G700AP is an accesspoint from D-Link and the only way to configure it is the http service which is managed from a httpd called "CAMEO". This webserver is very easy to DoS because...
D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service
// source: https://www.securityfocus.com/bid/16690/info D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can exploit this issue to crash the affected webserver,...
D-Link DWL-G700AP 2.002.01 - HTTPd Denial of Service
D-Link DWL-G700AP 2.002.01 - HTTPd Denial of Service // source: https://www.securityfocus.com/bid/16690/info D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can explo...