979 matches found
Apache Httpd < 2.4.4 : XSS in mod_proxy_balancer
An XSS flaw affected the mod_proxy_balancer manager interface...
Apache Httpd < 2.2.24 : XSS in mod_proxy_balancer
An XSS flaw affected the mod_proxy_balancer manager interface...
[slackware-security] php
New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/php-5.3.15-i486-1slack13.37.txz: Upgraded. Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)...
[slackware-security] php
New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/php-5.3.14-i486-1slack13.37.txz: Upgraded. This release fixes a weakness in the DES implementation of...
Apache HTTPD mod_log_config Cookie Handling Denial of Service (CVE-2012-0021)
A denial of service vulnerability has been reported in Apache HTTPD server...
Apache HTTPD Error Code 400 httpOnly Cookie Handling Information Disclosure (CVE-2012-0053)
An information disclosure vulnerability has been reported in Apache HTTPD server...
httpd: NULL pointer dereference crash in mod_log_config
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a nam...
myCare2x CMS - Multiple Web Vulnerabilities
Exploit for php platform in category web applications. Title: myCare2x CMS - Multiple Web Vulnerabilities. Introduction: myCare2x is a web application. All program modules and data accesses are processed in the server. Users only need a web browser, in order to use the myCare2x...
myCare2x CMS - Multiple Web Vulnerabilities
Document Title: myCare2x CMS - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=524 Release Date: 2012-05-02. Vulnerability Laboratory ID (VL-ID): 524. Common...
AZL-41033 CVE-2012-0883 affecting package httpd for versions less than 2.4.2-1
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...
Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)
A security bypass vulnerability has been reported in Apache HTTP Server...
httpd: ap_pregsub Integer overflow to buffer overflow
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
Apache Httpd < 2.2.23 : insecure LD_LIBRARY_PATH handling
Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory being searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
Apache Httpd < 2.4.2 : insecure LD_LIBRARY_PATH handling
Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory being searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
Debian DSA-2405-1 : apache2 - multiple issues
Several vulnerabilities have been found in the Apache HTTPD Server: - CVE-2011-3607: An integer overflow in ap_pregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. - CVE-2011-3368 CVE-2011-3639 CVE-2011-4317: The Apache HTTP Server di...
[SECURITY] [DSA 2405-1] apache2 security update
Debian Security Advisory DSA-2405-1 [email protected] http://www.debian.org/security/ Stefan Fritsch February 06, 2012 http://www.debian.org/security/faq ...
[SECURITY] [DSA 2405-1] apache2 security update
Debian Security Advisory DSA-2405-1 [email protected] http://www.debian.org/security/ Stefan Fritsch February 06, 2012 http://www.debian.org/security/faq ...
DSA-2405-1 apache2 - multiple issues
Bulletin has no description...
Apache Httpd < 2.2.22 : scoreboard parent DoS
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...
Apache Httpd < 2.0.65 : scoreboard parent DoS
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...