965 matches found
[SECURITY] Fedora 17 Update: mod_security-2.7.3-1.fc17
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
Debian DSA-2659-1 : libapache-mod-security - XML external entity processing vulnerability
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially crafted XML file provided by a remote attacker,...
[SECURITY] [DSA 2659-1] libapache-mod-security security update
Debian Security Advisory DSA-2659-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2659-1 (libapache-mod-security - XML external entity processing vulnerability)
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a remote attacker,...
DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability
Bulletin has no description...
ModSecurity -- XML External Entity Processing Vulnerability
Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...
PT-2013-22: XML External Entity Injection in Trustwave ModSecurity
Positive Research Center experts have discovered "XML External Entity Injection" vulnerability in Trustwave ModSecurity. If an attacker sends specially crafted request containing malformed XML to server with ModSecurity, the server will automatically send the contents of local or remote resources...
Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
Check for the Version of apache-modsecurity OpenVAS Vulnerability Test Mandriva Update for apache-modsecurity MDVSA-2012:182 apache-modsecurity Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)
Multiple vulnerabilities have been discovered and corrected in apache-modsecurity : ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...
myBB KingChat Plugin SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: KingChat MyBB plugin SQL Injection 0day Google Dork: inurl:"kingchat.php" Date: 13.10.2012 Exploit Author: RedHat NullSec Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows & Linux. Vulnerable code : query"SELE...
[SECURITY] Fedora 17 Update: mod_security-2.7.1-3.fc17
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
[SECURITY] Fedora 18 Update: mod_security-2.7.1-3.fc18
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
modsecurity for Apache protection bypass
It's possible to bypass filtering with double 'r' in boundary identifier...
SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass
SEC Consult Vulnerability Lab Security Advisory 20121017-0 title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you...
ModSecurity 2.6.8 Bypass
SEC Consult Vulnerability Lab Security Advisory title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you use it for...
ModSecurity - POST Security Bypass
ModSecurity - POST Security Bypass source: https://www.securityfocus.com/bid/56096/info ModSecurity is prone to a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploits can allow attackers to bypass filtering rules; this may aid in further...
ModSecurity - 'POST' Security Bypass
source: https://www.securityfocus.com/bid/56096/info ModSecurity is prone to a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploits can allow attackers to bypass filtering rules; this may aid in further attacks. ModSecurity 2.6.8 is...
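ModSecurity Quote Parsing Security Restriction Bypass Vulnerability (CVE-2012-2751)
BUGTRAQ ID: 54156 CVE ID: CVE-2012-2751 modsecurity is a web application firewall that is often used together with PHP. ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes, which allows remote attackers to bypass filtering rules and carry out attacks such as XSS via single quotes in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. 0 Breach Security modsecurity 2.x Vendor patch: Breach Security ---------------...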
CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...
DEBIAN-CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...