35 matches found
openSUSE Security Advisory (openSUSE-SU-2024:0037-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for CVE-2023-31497
EPScalate An elevation of privilege vulnerability in QuickHeal...
SUSE CVE-2002-0392
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size...
eduteka.icesi.edu.co Cross Site Scripting vulnerability OBB-1376764
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Exploit for Use After Free in Microsoft
CVE-2019-0708 Unauthenticated CVE-2019-0708 "BlueKeep" Scanner...
openSUSE Security Update : qpdf (openSUSE-2018-176)
This version update for qpdf to 7.1.1 fixes the following issues : - Update to version 7.1.1 - Fix one linearization bug affecting files whose first /ID component is not 16 bytes long - Update to version 7.1.0 - Allow raw encryption key to be specified in libary and command line with the...
passfault - OWASP Passfault evaluates passwords and enforces password policy in a completely different way
Objective: Do Passwords Better! Running the Command-line Interface: 1. install java 2. cd core 3. gradlew installDist 4. run build/install/core/bin/core Running the jsonWebService: 1. cd jsonService 2. gradlew build jettyRunWar 3. browse to localhost:8080/jsonService Note the war will be located ...
Modern Vulnerable Web App: Hackazon
Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and...
Apache Syncope特制Commons JEXL表达式远程代码执行漏洞
CVE ID:CVE-2014-0111 Apache Syncope是用在企业环境的数字身份管理,在JEE技术的实施和Apache 2.0许可下发布的开源系统。 Apache Syncope处理特制的Apache Commons JEXL表达式存在安全漏洞,允许通过验证的远程攻击者通过运行Apache Syncope core的JEE container来执行任意代码。 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...
Apache 2.0.x < 2.0.65 Multiple Vulnerabilities
According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.65. It is, therefore, affected by several vulnerabilities : - A flaw exists in the byte-range filter, making it vulnerable to denial of service. CVE-2011-3192 - A flaw exists in 'modproxy' where it...
HP Launches Beta Release Of Open WebOS
Months after Hewlett-Packard originally announced the open-source version of WebOS, the beta version of the platform is on its way out the door. Friday's release includes two environments for developers. The first is the desktop build, which is boasted to provide "the ideal development environmen...
Oracle Weblogic Apache Connector POST Request Buffer Overflow
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
Apache HTTP Server mod_proxy反向代理模式安全限制绕过漏洞
BUGTRAQ ID: 50802 CVE ID: CVE-2011-4317 Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器,可以在大多数电脑操作系统中运行,由于其跨平台和安全性被广泛使用,是最流行的Web服务器端软件之一。 Apache HTTP Server在反向代理模式中配置modproxy模块时错误地处理了某些Web请求,可通过特制的URL向代理后方的服务器发送请求,从而绕过某些安全限制。 Apache 2.2.x Apache 2.0.x 厂商补丁: Apache Group ------------...
SourceForge open sources its own source !
SourceForge, the popular project hosting site, has released Allura, the software that powers its service, as Apache 2.0 licensed open source. The project to develop Allura began in 2009 and currently an instance of the software, which has also been known as "New Forge" or "Forge 2.0" during...
Apache 2.0 for Windows物理路径泄漏漏洞
No description provided by source...
Apache mod_proxy_ftp FTP命令注入漏洞
Apache modproxyftp是一款用于处理FTP代理请求的Apache模块。 Apache modproxyftp存在输入验证错误,远程攻击者可以通过在发送给apache服务器的请求中构建特殊的"Authorization"头,可传递FTP命令给FTP服务器。 在通常的情况下,apache modproxyftp不允许发送任意FTP命令给FTP服务器,Apache只发送一些有线的命令给FTP服务器,如USER, PASS, PWD等,modproxyftp存在漏洞允许用户编码任何FTP命令作为"Authorization"头数据,并由apache传递给FTP服务器执行。 Apac...
mod_jk2 v2.0.2 for Apache 2.0 Remote Buffer Overflow Exploit (win32)
No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : modjk2 v2.0.2 for Apache 2.0 Win32 Found by : IOActive Security Advisory ----------------------------------------...
CVE-2008-0005
modproxyftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting XSS attacks using UTF-7 encoding...
Apache Mod_Rewrite单字节缓冲区溢出漏洞
Apache是一款流行的开放源代码的HTTPD服务程序。 Apache modrewrite模块中LDAP机制处理存在单字节溢出错误,远程攻击者可以利用漏洞以WEB进程权限执行任意指令。 Apache modrewrite模块提供了一个基于规则的使用正则表达式分析器的实时转向URL请求的引擎。modrewrite模块在转义绝对URI机制时存在单字节错误,当分离LDAP URL的数据时escapeabsoluteuri 函数中会触发此漏洞。触发此漏洞可导致指向用户提供数据的指针写入字符指针数组边界之外,可用于控制程序,以WEB权限执行任意指令。...
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"
Sending arbitrary HTTP requests with Flash 7/8 +IE 6.0 Amit Klein, August 2006 The trick ========= In 1, I showed how to forge parts of HTTP requests containing CRs and LFs using Flash. In that write-up, the data was part of the HTTP body section. However, combining the Content-Length overriding...