
5747 matches found

Cvelist
added 2006/09/06 12:0 a.m., 22 views

CVE-2006-4558

DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php...

AI score 7.6 | EPSS 0.09018
Exploits: 1 | References: 6

CVE
added 2006/09/06 12:0 a.m., 44 views

CVE-2006-4558

DeluxeBB 1.06 and earlier running on Apache with mod_mime is vulnerable. The flaw in newpost.php’s newthread action allows remote attackers to upload files with double extensions via the fileupload parameter, enabling arbitrary PHP code execution. Affected: DeluxeBB 1.06 and earlier. Evidence fro...

CVSS 7.5 | AI score 8 | EPSS 0.09018
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2006/08/17 1:4 a.m., 9 views

CVE-2006-4191

Directory traversal vulnerability in memcp.php in XMB Extreme Message Board 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server...

CVSS 5.1 | AI score 7.3 | EPSS 0.14052
Exploits: 1 | References: 9

Cvelist
added 2006/08/17 1:0 a.m., 18 views

CVE-2006-4191

Directory traversal vulnerability in memcp.php in XMB Extreme Message Board 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server...

AI score 7.3 | EPSS 0.14052
Exploits: 1 | References: 9

Tenable Nessus
added 2006/08/14 12:0 a.m., 50 views

CentOS 3 / 4 : httpd (CESA-2006:0619)

Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for fre...

CVSS 4.3 | AI score 6.8 | EPSS 0.91373
Exploits: 7 | References: 5

Cent OS
added 2006/08/10 10:42 p.m., 90 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2006:0619 Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HT...

CVSS 4.3 | AI score 6.8 | EPSS 0.91373
Exploits: 7 | References: 8

RedHat Linux
added 2006/08/10 8:55 p.m., 44 views

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for fre...

CVSS 4.3 | AI score 6.8 | EPSS 0.91373
Exploits: 7 | References: 2

RedHat Linux
added 2006/08/10 8:55 p.m., 3 views

httpd: Expect header XSS

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

CVSS 4.3 | AI score 7.1 | EPSS 0.91373
Exploits: 7 | References: 4

Tenable Nessus
added 2006/08/10 12:0 a.m., 45 views

RHEL 2.1 : apache (RHSA-2006:0618)

Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for free. A bug was found ...

CVSS 4.3 | AI score 6.8 | EPSS 0.91373
Exploits: 7 | References: 3

Cent OS
added 2006/08/08 11:33 p.m., 364 views

apache security update

CentOS Errata and Security Advisory CESA-2006:0618-01 Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

CVSS 4.3 | AI score 6.7 | EPSS 0.91373
Exploits: 7 | References: 8

NVD
added 2006/08/07 7:4 p.m., 19 views

CVE-2006-4004

Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into a...

CVSS 6.4 | AI score 7.3 | EPSS 0.09854
Exploits: 1 | References: 6

NVD
added 2006/07/28 12:4 a.m., 28 views

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

CVSS 4.3 | AI score 5.4 | EPSS 0.91373
Exploits: 7 | References: 56

securityvulns
added 2006/07/28 12:0 a.m., 90 views

[Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released

Apache HTTP Server 2.2.3 Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.3 of the Apache HTTP Server "Apache". This version of Apache is principally a bug and security fix release. The following potential security flaws...

CVSS 7.6 | AI score 0.1 | EPSS 0.90024
Exploits: 20

CVE
added 2006/07/28 12:0 a.m., 255 views

CVE-2006-3918

CVE-2006-3918 is an Apache HTTP Server/IBM HTTP Server issue where the HTTP Expect header is not sanitized when echoed back in error messages, enabling potential cross-site scripting via headers (as demonstrated with Flash/other clients). Affected products and versions include Apache HTTP Server ...

CVSS 4.3 | AI score 7 | EPSS 0.91373
Exploits: 7 | References: 56 | Affected Software: 1

Debian CVE
added 2006/07/28 12:0 a.m., 37 views

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

CVSS 4.3 | AI score 5.5 | EPSS 0.91373
Exploits: 7

Cvelist
added 2006/07/28 12:0 a.m., 31 views

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

AI score 7 | EPSS 0.91373
Exploits: 7 | References: 56

CERT
added 2006/07/28 12:0 a.m., 52 views

Apache mod_rewrite contains off-by-one error in ldap scheme handling

Overview A vulnerability in a common Apache HTTP server module, mod_rewrite, could allow a remote attacker to execute arbitrary code on an affected web server. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional functionality to the web...

CVSS 7.6 | AI score 9.4 | EPSS 0.90024
Exploits: 20 | References: 14

UbuntuCve
added 2006/07/27 12:0 a.m., 37 views

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

CVSS 4.3 | AI score 7.2 | EPSS 0.91373
Exploits: 7 | References: 2

Tenable Nessus
added 2006/07/03 12:0 a.m., 34 views

CentOS 3 / 4 : httpd (CESA-2005:582)

Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...

CVSS 5 | AI score 7.8 | EPSS 0.39952
Exploits: 1 | References: 8

Apache Httpd
added 2006/05/15 12:0 a.m., 39 views

Apache Httpd < 1.3.39 : Signals to arbitrary processes

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...

CVSS 4.7 | AI score 0.9 | EPSS 0.00098
Exploits: 2 | Affected Software: 1