OPENSUSE-SU-2025:15313-1 apache2-mod_security2-2.9.11-1.1 on GA media

These are all security issues fixed in the apache2-modsecurity2-2.9.11-1.1 package on the GA media of openSUSE Tumbleweed...

Updated apache-mod_security packages fix security vulnerabilities

ModSecurity Has Possible DoS Vulnerability. CVE-2025-47947 ModSecurity has possible DoS vulnerability in sanitiseArg action. CVE-2025-48866...

Mageia: Security Advisory (MGASA-2024-0070)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0070 Updated apache-mod_security-crs packages fix security vulnerabilities

A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function name such as "if" and b is the SQL statement to be executed. CVE-2018-16384 Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 h...

Mageia: Security Advisory (MGASA-2023-0175)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2014-0180)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2021-0576)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2015:106)

Updated apache-modsecurity packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

[ MDVSA-2014:081 ] apache-mod_security

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:081 http://www.mandriva.com/en/support/security/ Package : apache-modsecurity Date : May 8, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated apache-modsecurity packages...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2014:081)

Updated apache-modsecurity packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

MGASA-2014-0180 Updated apache-mod_security packages fix security vulnerability

Updated apache-modsecurity packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:187)

Updated apache-modsecurity packages fix security vulnerability : When ModSecurity receives a request body with a size bigger than the value set by the SecRequestBodyInMemoryLimit and with a Content-Type that has no request body processor mapped to it, ModSecurity will systematically crash on ever...

apache-mod_security new security issue CVE-2013-2765

Updated apache-modsecurity packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on...

MGASA-2013-0179 apache-mod_security new security issue CVE-2013-2765

Updated apache-modsecurity packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:029)

A vulnerability has been discovered and corrected in apache-modsecurity : ModSecurity = 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 released on2012-10-16 CVE-2012-4528. The updated packages have been patched to correct this issue. NOTE: This advisory was...

Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)

Check for the Version of apache-modsecurity OpenVAS Vulnerability Test Mandriva Update for apache-modsecurity MDVSA-2012:182 apache-modsecurity Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)

Multiple vulnerabilities has been discovered and corrected in apache-modsecurity : ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...

SN News 1.2 SQL Injection

\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/snnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "visualiza.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...

SN News (visualiza.php) <= 1.2 SQL Injection Vulnerability

Exploit for php platform in category web applications \n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/snnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "visualiza.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; ech...