965 matches found
CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...
CVE-2009-5031
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...
CVE-2009-5031
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...
CVE-2009-5031
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...
CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...
Cross site scripting
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...
Cross site scripting
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...
CVE-2009-5031
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...
CVE-2009-5031
CVE-2009-5031 affects ModSecurity before 2.5.11. It mishandles single quotes in request parameter values in the Content-Disposition header of multipart/form-data requests, allowing remote attackers to bypass filtering and perform other attacks such as XSS. A fix is available in ModSecurity 2.5.11...
CVE-2012-2751
CVE-2012-2751 relates to ModSecurity prior to 2.6.6 when used with PHP. The issue arises in how single quotes in Content-Disposition are handled inside multipart/form-data requests, allowing remote attackers to bypass filtering rules and potentially perform XSS. The vulnerability is noted to exis...
CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...
CVE-2009-5031
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...
CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...
Fedora 17 : mod_security-2.6.6-2.fc17 (2012-9824)
ModSecurity Multipart Bypasses fixed by this upstream release. Upgrade to the latest stable upstream release. Upgraded modsecurity package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
[SECURITY] Fedora 17 Update: mod_security-2.6.6-2.fc17
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
[SECURITY] [DSA 2506-1] libapache-mod-security security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...
Debian DSA-2506-1 : libapache-mod-security - ModSecurity bypass
Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both 'Content:Disposition: attachment' and 'Content-Type: multipart' were present in HTTP headers, the vulnerability could allow an attacker to...
[SECURITY] [DSA 2506-1] libapache-mod-security security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...
DSA-2506-1 libapache-mod-security - modsecurity bypass
Bulletin has no description...
linux/x86 Bugtraq shutdown modsecurity shellcode 64 bytes
Title :Bugtraq shutdown modsecurity -Linux/x86 shellcode 64 bytes Author : TrOoN E-mail : http://www.facebook.com/alexydant my new facebook Home : city 617 logt Draria algeria Web Site : www.1337day.com Facebook : http://www.facebook.com/alexydant my new facebook platform : Bugtraq Eng Type :...