5747 matches found
Apache Httpd < 2.0.61 : mod_proxy crash
A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...
mod_auth_kerb security update
CentOS Errata and Security Advisory CESA-2006:0746 Updated modauthkerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. modauthke...
Low: Red Hat Security Advisory: mod_auth_kerb security update
Updated modauthkerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. modauthkerb is module for the Apache HTTP Server designed to...
HP-UX PHSS_35460 : s700_800 11.04 Virtualvault 4.7 IWS update
s700800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service DoS attack and...
HP-UX PHSS_35461 : s700_800 11.04 Virtualvault 4.5 OWS update
s700800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service DoS attack and...
CVE-2006-5894
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file,...
CVE-2006-5894
The CVE-2006-5894 entry documents a directory traversal flaw in Rama CMS 0.68 and earlier. When register_globals is enabled, an attacker can cause lang.php to include and execute arbitrary local files via a .. in the lang cookie, demonstrated by injecting PHP sequences into an Apache log file tha...
CVE-2006-5733
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...
CVE-2005-4814
Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...
CVE-2005-4814
Segue CMS
CVE-2003-1307
Summary: CVE-2003-1307 affects the mod_php module of the Apache HTTP Server. Vulnerability: Local users with write access to PHP scripts can signal the server’s process group and manipulate server file descriptors, demonstrated by sending a STOP signal and intercepting connections on the server’s...
[VulnWatch] iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability
Apache HTTP Server modtcl setvar Format String Vulnerability iDefense Security Advisory 10.13.06 http://www.idefense.com/intelligence/vulnerabilities/ Oct 13, 2006 I. BACKGROUND The modtcl module for the Apache httpd v2.x is a scripting module that allows a TCL developer to create server side...
CVE-2006-5263
The CVE-2006-5263 issue affects phpMyAgenda 3.1 and earlier, where a directory traversal vulnerability in templates/header.php3 allows remote attackers to include and execute arbitrary local files by passing a .. in the language parameter (example using an Apache log file that contains PHP code)....
CVE-2006-5263
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently...
Solaris 10 (sparc) : 120543-36 (deprecated)
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Apache HTTP Server. The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in...
CVE-2006-4625
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safemode and openbasedir, via the inirestore function, which resets the values to their php.ini Master Value defaults...
CVE-2006-4636
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contai...
CVE-2006-4558
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the modmime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php...