5836 matches found
Fedora 7 : httpd-2.2.6-1.fc7 (2007-2214)
This update includes the latest stable release of the Apache HTTP Server. A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that...
CVE-2003-1418
CVE-2003-1418 affects Apache HTTP Server 1.3.22–1.3.27 on OpenBSD. The root cause is information disclosure via (1) ETag headers that reveal inode numbers and (2) multipart MIME boundaries that reveal child process IDs (PIDs). Practical impact is partial information disclosure that can aid reconn...
CVE-2003-1418
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via 1 the ETag header, which reveals the inode number, or 2 multipart MIME boundary, which reveals child process IDs PID...
CentOS 3 : php (CESA-2007:0889)
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
Design/Logic Flaw
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
CVE-2007-5156
Removed by vendor...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
CVE-2007-5156
CVE-2007-5156 references an incomplete blacklist vulnerability in FCKeditor’s editor/filemanager/upload/php/upload.php, used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and other products. The flaw allows remote attackers to upload and execute arbitrary PHP code by submitting a...
[SECURITY] Fedora Core 6 Update: httpd-2.2.6-1.fc6
The Apache HTTP Server is a powerful, efficient, and extensible web server...
[SECURITY] Fedora 7 Update: php-5.2.4-1.fc7
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 7 Update: httpd-2.2.6-1.fc7
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Cross site scripting
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
CVE-2007-4465
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
CVE-2007-4465
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
DEBIAN-CVE-2007-4465
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
CVE-2007-4465
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
CVE-2007-4465
The CVE-2007-4465 entry covers an XSS in Apache httpd’s mod_autoindex.c (pre-2.2.6) where an undefined page charset allows injection via the P parameter using UTF-7. Impact is cross-site scripting; remediation is to upgrade Apache httpd to 2.2.6 or newer (as per the cited advisory). The descripti...
PT-2007-5645 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.2.6 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset when the charset on a server-generated page is...