5836 matches found
Apache 'mod_proxy_ftp'未定义字符集UTF-7跨站脚本漏洞
BUGTRAQ ID: 27234 CVE ID:CVE-2008-0005 CNCVE ID:CNCVE-20080005 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxyftp模块存在输入验证问题,远程攻击者可以利用漏洞进行跨站脚本攻击,可能获得目标用户敏感信息。 modproxyftp.c存在跨站脚本问题,字符集没有定义,我们可以通过设置字符集未UTF-7,在URL中使用";"字符进行跨站脚本攻击。 Apache Software Foundation Apache 2.2.6 Apache...
CVE-2007-6420
Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...
CVE-2007-6420
Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...
Memory corruption
Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...
CVE-2007-6420
Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...
CVE-2007-6423
The CVE-2007-6423 issue concerns Apache HTTP Server 2.2.x on Windows, where mod_proxy_balancer could trigger memory corruption through a long URL. The Red Hat advisory notes the vulnerability as unspecified and unreproducible by the vendor, while Red Hat indicates that Apache 2.2.7-dev contains a...
CVE-2007-6423
Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...
CVE-2007-6423
Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...
Apache mod_imagemap和mod_imap模块跨站脚本漏洞
BUGTRAQ ID: 26838 CVECAN ID: CVE-2007-5000 Apache HTTP Server是一款流行的Web服务器。 Apache的modimagemap和modimap模块中没有正确地过滤某些用户输入,允许远程攻击者提交恶意的HTTP请求执行跨站脚本攻击。 Apache Group Apache 2.2.0 - 2.2.6 Apache Group Apache 2.0.35 - 2.0.61 Apache Group Apache 1.3.0 - 1.3.39 Apache Group ------------...
DEBIAN-CVE-2007-6421
Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...
CVE-2007-6421
Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...
CVE-2007-6421
Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...
CVE-2007-6421
Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...
CVE-2007-6421
Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...
CVE-2007-6388
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-6422
The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...
Code injection
The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...
Cross site scripting
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-6422
The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...