5836 matches found
Directory traversal
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence...
CVE-2007-4723
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence...
CVE-2007-4723
CVE-2007-4723 affects Ragnarok Online Control Panel 4.3.4a when used with the Apache HTTP Server. The vulnerability is a directory traversal that allows remote attackers to bypass authentication via crafted URIs ending with publicly accessible pages, demonstrated by a "/...../" sequence and an ac...
ragnarok-bypass.txt
VaLiuS has reported a vulnerability in Ragnarok Online Control Panel, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the authentication process when checking page access. This can be exploited to bypass the...
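Apache HTTP Server Worker Process Multiple Local Denial of Service Vulnerabilities
BUGTRAQ ID: 24215 CVECAN ID: CVE-2007-3304 Apache HTTP Server is a popular web server. The Apache HTTP Server worker process implementation contains multiple vulnerabilities that a local attacker may exploit to make the service unavailable. Apache HTTP Server does not verify that a process is an Apache child process before sending it signals. A local attacker who can run scripts on the Apache HTTP Server can manipulate the scoreboard and terminate arbitrary processes, causing a denial of service. If Apache httpd is installed with Prefork...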
printenv.pl(all versions) cross site scripting Vulnerability
...:::::printenv.pl(all versions) cross site scripting Vulnerability::::.... Virangar Security Team www.virangar.org -------- Discovered By : hadihadi & black.shadowes special tnx to:MR.nosrati,MR.hesy,satan,IGI,zahra & all virangar members & all iranian hackerz greetz:to my best friend in the world...
Fedora Core 6 : httpd-2.2.4-2.1.fc6 (2007-615)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2007:0662 Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
httpd mod_status XSS
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct two security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP...
[SECURITY] Fedora Core 6 Update: httpd-2.2.4-2.1.fc6
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Fedora Core 5 : httpd-2.2.2-1.3 (2007-617)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
[SECURITY] Fedora Core 5 Update: httpd-2.2.2-1.3
The Apache HTTP Server is a powerful, efficient, and extensible web server...
RHEL 3 : httpd (RHSA-2007:0533)
Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in th...
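Apache HTTP Server Mod_Cache Denial of Service Vulnerability
Apache HTTP Server is an open-source web server program. The mod_cache module included with Apache HTTP Server contains a design error that remote attackers can exploit to carry out a denial-of-service attack against the application. If one of the Cache-Control header fields s-maxage, max-age, min-fresh or max-stale is given no value, the mod_cache module can crash the application when parsing it, resulting in a denial of service. RedHat Enterprise Linux Desktop Workstation v. 5 client RedHat Enterprise Linux Desktop v.5...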
Design/Logic Flaw
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...
CVE-2007-1863
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...
DEBIAN-CVE-2007-1863
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...
CVE-2006-5752
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2007-1863
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...