979 matches found
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.34-i486-1slack14.1.txz: Upgraded. This update fixes bugs and security issues. 68044 Integer overflow in unserialize 32-bit...
Apache Httpd < 2.4.12 : mod_proxy_fcgi out-of-bounds memory read
An out-of-bounds memory read was found in modproxyfcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a crash when reading past the end of a heap memory or stack buffer. This issue affects version 2.4.10 only...
MGASA-2014-0317 Updated ocsinventory packages fix security vulnerability
Multiple cross-site scripting XSS vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2014-4722. Also, the web interface has been fixed to work with Apache HTTPD 2.4...
Updated ocsinventory packages fix security vulnerability
Multiple cross-site scripting XSS vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2014-4722. Also, the web interface has been fixed to work with Apache HTTPD 2.4...
httpd: mod_status heap-based buffer overflow
A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...
Apache 2.4.x mod_proxy Denial Of Service
::: ::::::::: ::: :::::::: ::: ::::::::::::: ::: :::::::::::::::::::::::::::::::::: ::::::::: :+: :+: :+: :+: :+: :+: :+: :+::+: :+::+: :+: :+: :+: :+: :+: :+::+: :+: +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:+ +:+ +:++:+ +:+ +++:++++:+++:++++++:++++:++ +++:+++++++:++ +++:++++ ++ ++...
Apache Httpd < 2.4.10 : WinNT MPM denial of service
A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when using the default AcceptFilter for that platform. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
CodeBlue 5.1 SMTP Response Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5300/info CodeBlue is an Apache httpd log scanning utility that attempts to contact the administrators of hosts infected with worms. A buffer overflow vulnerability has been reported in CodeBlue. The condition occurs when...
Aprox CMS Engine 5 (1.0.4) - Local File Inclusion Vulnerability
No description provided by source. 01010111 01001001 01010010 01000101 01000100 01010011 - 01000101 01000011 01010101 01010010 01001001 01010100 - 01011001 ADVISORY: APROX CMS ENGINE V5.1.0.4 LOCAL FILE INCLUSION LFI || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION |...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
httpd: mod_dav denial of service via crafted DAV WRITE request
The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...
Apache Httpd < 2.4.10 : mod_cgid denial of service
A flaw was found in modcgid. If a server using modcgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service...
Apache Httpd < 2.2.29 : mod_cgid denial of service
A flaw was found in modcgid. If a server using modcgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service...
openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0693-1)
CVE-2011-1752: The moddavsvn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources. - CVE-2011-1783: The moddavsvn Apache HTTPD server module can trigger a loop which consumes all available memory on the system. - CVE-2011-1921: The moddavsvn Apache...
openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0695-1)
Subversion was updated to version 1.6.17 to fix several security issues : - CVE-2011-1752: The moddavsvn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources. - CVE-2011-1783: The moddavsvn Apache HTTPD server module can trigger a loop which consumes a...
Apache Httpd < 2.4.10 : mod_status buffer overflow
A race condition was found in modstatus. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...
Apache Httpd < 2.2.29 : mod_status buffer overflow
A race condition was found in modstatus. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...