CVE-2003-1307

Summary: CVE-2003-1307 affects the mod_php module of the Apache HTTP Server. Vulnerability: Local users with write access to PHP scripts can signal the server’s process group and manipulate server file descriptors, demonstrated by sending a STOP signal and intercepting connections on the server’s...

CVE-2003-1307

The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...

[VulnWatch] iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability

Apache HTTP Server modtcl setvar Format String Vulnerability iDefense Security Advisory 10.13.06 http://www.idefense.com/intelligence/vulnerabilities/ Oct 13, 2006 I. BACKGROUND The modtcl module for the Apache httpd v2.x is a scripting module that allows a TCL developer to create server side...

CVE-2006-5263

The CVE-2006-5263 issue affects phpMyAgenda 3.1 and earlier, where a directory traversal vulnerability in templates/header.php3 allows remote attackers to include and execute arbitrary local files by passing a .. in the language parameter (example using an Apache log file that contains PHP code)....

CVE-2006-5263

Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently...

Solaris 10 (sparc) : 120543-36 (deprecated)

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Apache HTTP Server. The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in...

RHEL 3 / 4 : php (RHSA-2006:0669)

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

CVE-2006-4625

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safemode and openbasedir, via the inirestore function, which resets the values to their php.ini Master Value defaults...

CVE-2006-4636

Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contai...

CVE-2006-4558

DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the modmime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php...

CVE-2006-4558

DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the modmime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php...

CVE-2006-4558

DeluxeBB 1.06 and earlier running on Apache with mod_mime is vulnerable. The flaw in newpost.php’s newthread action allows remote attackers to upload files with double extensions via the fileupload parameter, enabling arbitrary PHP code execution. Affected: DeluxeBB 1.06 and earlier. Evidence fro...

CVE-2006-4191

Directory traversal vulnerability in memcp.php in XMB Extreme Message Board 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server...

CVE-2006-4191

Directory traversal vulnerability in memcp.php in XMB Extreme Message Board 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server...

CentOS 3 / 4 : httpd (CESA-2006:0619)

Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for fre...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2006:0619 Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HT...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for fre...

httpd: Expect header XSS

httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

RHEL 2.1 : apache (RHSA-2006:0618)

Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for free. A bug was found ...

apache security update

CentOS Errata and Security Advisory CESA-2006:0618-01 Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...