5876 matches found
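Apple Mac OS X Authentication Bypass Vulnerability
BUGTRAQ ID: 58513 CVE(CAN) ID: CVE-2013-0966 Apple Mac OS X is Apple's computer operating system software. In Apple Mac OS X versions before 10.8.3, the Apple mod_hfs_apple module of the Apache HTTP Server does not properly handle ignorable Unicode characters; via a crafted pathname in a URI, an attacker can exploit this vulnerability to bypass directory authentication. 0 Apple Mac OS X 10.7.4 Apple Mac OS X 10.7.3 Apple Mac OS X 10.7.2 Apple Mac OS X 10.7.1 Apple Mac OS X Server...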
USN-1765-1: Apache HTTP Server vulnerabilities
Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a...
CVE-2013-0966
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...
Authentication flaw
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...
CentOS Update for httpd CESA-2013:0512 centos6
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0512 centos6 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CentOS Update for httpd CESA-2013:0512 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 6 : php (CESA-2013:0514)
Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...
Code injection
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...
CVE-2013-1048
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...
Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20130221)
An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use this flaw to conduct cross-site scripting attacks against users visiting th...
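Apache HTTP Server balancer_handler Function Cross-Site Scripting Vulnerability (CVE-2012-4558)
BUGTRAQ ID: 58165 CVE(CAN) ID: CVE-2012-4558 Apache HTTP Server is an open-source HTTP server. Multiple vulnerabilities have been reported in Apache HTTP Server that attackers can exploit to conduct cross-site scripting attacks. 1) Certain input related to hostnames and URIs in the mod_info, mod_ldap, mod_status, mod_imagemap, and mod_proxy_ftp modules is returned to the user without being properly checked. 2) Certain unspecified input passed to the management interface of the mod_proxy_balancer module is returned to the user without being properly checked....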
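Apache HTTP Server Multiple Modules Hostname and URI Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 58165 CVE(CAN) ID: CVE-2012-3499 Apache HTTP Server is an open-source HTTP server. Apache HTTP Server 2.4.4 and earlier versions contain multiple XSS vulnerabilities in their implementation; via hostnames and URIs in the modules (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status, remote attackers can exploit these vulnerabilities to inject arbitrary JS script and HTML. 0 Apache Group HTTP Server 2.4.x Apache Group HTTP Server 2.2.x Vendor patch: Apache...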
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2013:0512 Updated httpd packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common...
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5)...
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5)...