[SECURITY] Fedora Core 6 Update: php-5.1.6-3.4.fc6

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Directory traversal

Directory traversal vulnerability in zdnumer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...

CVE-2007-0637

Directory traversal vulnerability in zdnumer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...

CVE-2007-0637

CVE-2007-0637 describes a directory traversal vulnerability in the PHP script zd_numer.php for Galeria Zdjec 3.0 and earlier. An attacker can use a ".." path component in the galeria parameter to cause local file inclusion, enabling remote attackers to include and execute arbitrary local files (i...

EUVD-2007-0635

Directory traversal vulnerability in zdnumer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...

CVE-2007-0419

The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service server outage...

CVE-2007-0419

The CVE-2007-0419 issue affects the BEA WebLogic Server proxy plug-in for the Apache HTTP Server (pre June 2006). The root cause is improper handling of protocol errors in the plug-in, which can allow remote attackers to cause a denial of service (server outage). The vulnerability description not...

CVE-2007-0419

The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service server outage...

Directory traversal

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when registerglobals is enabled and magicquotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter, as demonstrated by injecting PHP...

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

Code injection

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

Directory traversal

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...

CVE-2007-0086

CVE-2007-0086 targets the Apache HTTP Server. The documented effect is a denial of service caused by a Range header that can cause network bandwidth consumption when a TCP connection is opened with a large window size, via multiple copies of the same fragment. The connected documents provide conc...

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by...

CVE-2006-6869

Directory traversal vulnerability in includes/search/searchmdforum.php in MAXdev MDForum 2.0.1 and earlier, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang cookie to error.php, as...

CVE-2006-6613

Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. dot dot in the palangincludefile...

CentOS 4 : mod_auth_kerb (CESA-2006:0746)

Updated modauthkerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. modauthkerb is module for the Apache HTTP Server designed to...

RHEL 4 : mod_auth_kerb (RHSA-2006:0746)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2006:0746 advisory. modauthkerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off by one flaw was found in the way...

CVE-2006-6445

Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then...