5830 matches found
CVE-2007-6388
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-6422
The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...
CVE-2007-6388
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-6388
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
Code injection
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...
Apache HTTP Server Windows共享PHP文件扩展映射信息泄露漏洞
BUGTRAQ ID: 26939 CNCAN ID:CNCAN-2007122001 Apache HTTP Server是一款流行的HTTP服务程序。 Apache HTTP Server当处理在Windows SMB共享上的文件请求时存在问题,远程攻击者可以利用漏洞获得任意脚本明文信息。 问题是Apache不正确处理使用正确引擎关联的文件扩展,当处理windows SMB共享上的特定文件请求时存在问题,扩展不正确解析文件而导致敏感信息泄露。 Apache Software Foundation Apache 2.2.6 目前没有解决方案提供:...
CVE-2007-6361
Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by...
Sql injection
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-6342
CVE-2007-6342 affects the Apache::AuthCAS module (AuthCAS.pm) version 0.4 used with the Apache HTTP Server. The root cause is an SQL injection: the session ID obtained from the cookie named by SESSION_COOKIE_NAME is directly interpolated into an SQL query (SELECT last_accessed, uid, pgtiou FROM …...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
Cross site scripting
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5000
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5000
CVE-2007-5000 affects Apache HTTP Server mod_imap and mod_imagemap (v1.3.0–1.3.39 and v2.0.35–2.0.61). The flaw is due to insufficient input validation, allowing remote script/HTML injection via unspecified vectors. Public advisories note fixes in later Apache releases (and related packages); mit...
CVE-2007-5000
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...