CVE-2013-1862

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability

A vulnerability in the dorewritelog function of Apache HTTP Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper handling of certain escape sequences by the affected software. An unauthenticated, remote attacker could...

Important: Red Hat Security Advisory: pki-tps security update

An updated pki-tps package that fixes two security issues is now available for Red Hat Certificate System 8.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

RedHat Update for httpd RHSA-2013:0815-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache HTTP Server日志内终端转义序列命令注入漏洞

BUGTRAQ ID: 59826 CVECAN ID: CVE-2013-1862 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server modrewrite向日志文件写入数据时，没有过滤不能打印的字符。如果 modrewrite 使用了指令RewriteLog，远程攻击者可利用此漏洞向日志文件写入终端转义序列。如果HTTP请求包含终端模拟器的转义序列，此漏洞也可造成任意命令执行。 0 Apache Group HTTP Server 2.2.x 厂商补丁： Apache Group ------------...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2013:0815 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

DEBIAN-CVE-2013-1849

The moddavsvn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a PROPFIND request for an activity URL...

phpMyAdmin 'filename_template' 远程代码执行(CVE-2013-3239)

BUGTRAQ ID: 59465 CVECAN ID: CVE-2013-3239 phpmyadmin是MySQL数据库的在线管理工具，主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 3.5.x、4.x在配置了SaveDir目录后，通过导出文件文件名的双扩展名，经过身份验证的远程用户可以执行任意代码，导致Apache HTTP服务器将此文件解释为可执行文件。例如：.php.sql文件名。 0 phpMyAdmin 3.x phpMyAdmin 3.5.x 厂商补丁： phpMyAdmin ----------...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

Design/Logic Flaw

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CentOS Update for mod_dav_svn CESA-2013:0737 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...

RedHat Update for subversion RHSA-2013:0737-01

Check for the Version of subversion OpenVAS Vulnerability Test RedHat Update for subversion RHSA-2013:0737-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

RHEL 6 : subversion (RHSA-2013:0737)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0737 advisory. Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarc...

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

SuSE 11.2 Security Update : Apache (SAT Patch Number 7570)

Apache2 has been updated to fix multiple XSS flaws. - Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary...

Fedora Update for php FEDORA-2013-3927

Check for the Version of php OpenVAS Vulnerability Test Fedora Update for php FEDORA-2013-3927 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...