5854 matches found
CVE-2012-4360
Cross-site scripting XSS vulnerability in the modpagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4001
The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...
Cross site scripting
Cross-site scripting XSS vulnerability in the modpagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Code injection
The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...
CVE-2012-4360
CVE-2012-4360 is a cross-site scripting flaw in the mod_pagespeed Apache module (versions 0.10.19.1–0.10.22.4) that allowed remote attackers to inject arbitrary script via unspecified vectors. The issue affects Apache HTTP Server deployments using mod_pagespeed and could enable execution of JavaS...
CVE-2012-4360
Cross-site scripting XSS vulnerability in the modpagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4001
CVE-2012-4001 affects the mod_pagespeed module for the Apache HTTP Server (versions before 0.10.22.6). The vulnerability arises from improper verification of the module’s host name, allowing remote attackers to trigger HTTP requests to arbitrary hosts (demonstrated via intranet targets) due to an...
CVE-2012-4001
The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS in modnegotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LDLIBRARYPATH handling CVE-2012-0883 This issue w...
CVE-2012-3526
The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...
CVE-2012-3526
The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...
Cross site request forgery (csrf)
The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...
CVE-2012-3526
CVE-2012-3526 affects the Apache HTTP Server mod_rpaf reverse proxy add forward module (versions 0.5 and 0.6). The vulnerability allows a remote attacker to cause a denial of service by sending multiple X-Forwarded-For headers, potentially crashing the server or application. Exploitation details ...
CVE-2012-3526
The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...
CVE-2012-3526
The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...
Code injection
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANETMODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a...
Apache 2.4.1, 2.4.2 Multiple Vulnerabilities
Binary data 6550.prm...
CVE-2012-3502
The proxy functionality in 1 modproxyajp.c in the modproxyajp module and 2 modproxyhttp.c in the modproxyhttp module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitiv...
CVE-2012-2687
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
DEBIAN-CVE-2012-2687
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...