RHEL 6 : subversion (RHSA-2013:0737)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0737 advisory. Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarc...

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

SuSE 11.2 Security Update : Apache (SAT Patch Number 7570)

Apache2 has been updated to fix multiple XSS flaws. - Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary...

Fedora Update for php FEDORA-2013-3927

Check for the Version of php OpenVAS Vulnerability Test Fedora Update for php FEDORA-2013-3927 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

[SECURITY] Fedora 17 Update: php-5.4.13-1.fc17

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora Update for httpd FEDORA-2013-4541

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2013-4541 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

[SECURITY] Fedora 18 Update: httpd-2.4.4-2.fc18

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Medium: httpd

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web...

Medium: httpd24

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web...

Apple Mac OS X 身份验证绕过漏洞

BUGTRAQ ID: 58513 CVECAN ID: CVE-2013-0966 Apple Mac OS X是苹果电脑操作系统软件。 Apple Mac OS X 10.8.3之前版本Apache HTTP Server的Apple modhfsapple模块，没有正确处理忽略的Unicode字符，通过URI内的特制路径名，攻击者可利用此漏洞绕过目录身份验证。 0 Apple Mac OS X 10.7.4 Apple Mac OS X 10.7.3 Apple Mac OS X 10.7.2 Apple Mac OS X 10.7.1 Apple Mac OS X Server...

USN-1765-1: Apache HTTP Server vulnerabilities

Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a...

CVE-2013-0966

The Apple modhfsapple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...

Authentication flaw

The Apple modhfsapple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...

CentOS Update for httpd CESA-2013:0512 centos6

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0512 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CentOS Update for httpd CESA-2013:0512 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS 6 : php (CESA-2013:0514)

Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...

Code injection

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...

CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20130221)

An input sanitization flaw was found in the modnegotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use this flaw to conduct cross-site scripting attacks against users visiting th...

Apache HTTP Server balancer_handler函数跨站脚本漏洞(CVE-2012-4558)

BUGTRAQ ID: 58165 CVECAN ID: CVE-2012-4558 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server被报告存在多个漏洞，攻击者能利用这些漏洞进行跨站脚本攻击。 1）modinfo, modldap, modstatus, modimagemap, 以及modproxyftp模块中某些与hostnames和URI相关的输入没有经过正确的检查即返回给用户。 2）传递给modproxybalancer模块管理接口的某些不确定输入没有经过正确检查即返回给用户。...