154 matches found
[SECURITY] [DSA 1247-1] New libapache-mod-auth-kerb packages fix remote denial of service
Debian Security Advisory DSA-1247-1 http://www.debian.org/security/ Noah Meyerhans January 08, 2007 Package :...
DSA-1247-1 libapache-mod-auth-kerb
Bulletin has no description...
phpBypass.txt
PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Author: Maksymilian Arciemowicz (cXIb8O3) Date: Written: 05.09.2006, Public: 09.09.2006 SecurityAlert Id: 42 CVE: CVE-2006-4625 SecurityRisk: High Affected Software: PHP 5.1.6 / 4.4.4 = x...
FreeBSD : mod_pubcookie -- XSS vulnerability (91afa94c-c452-11da-8bff-000ae42e9b93)
Nathan Dors of the Pubcookie Project reports: Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module mod_pubcookie and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack...
Pubcookie application server modules contain cross-site scripting vulnerabilities
Overview: Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description: Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...
How to PHP application in the Common Vulnerabilities attack-exploit warning-the black bar safety net
Library files: As we discussed earlier, include and require exist mainly to support code libraries. We usually put frequently used functions into a separate file, and this separate file is the code library; when you need to use one of the functions, we just put this code library is included...
mod_pubcookie -- cross site scripting vulnerability
Nathan Dors of the Pubcookie Project reports: Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module mod_pubcookie and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests...
USN-232-1: PHP vulnerabilities
Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. (CVE-2005-3319) A Denial of Service flaw was...
JRun mod_jrun WriteToLog buffer overflow
Added: 12/10/2005 CVE: CVE-2004-0646 BID: 11245 OSVDB: 10546 Background: Macromedia JRun is a J2EE application server. mod_jrun is an Apache module which enables the use of JRun applications through an Apache web server. Problem: A buffer overflow vulnerability in mod_jrun and mod_jrun20 allows a remo...
Subversion < 1.0.6 Module File Restriction Bypass
Subversion is prone to a flaw in the Apache module mod_authz_svn. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Subversion Module unreadable path information disclosure
You are running a version of Subversion which is older than 1.0.8 or 1.1.0-rc4. A flaw exists in older versions, in the Apache module mod_authz_svn, which fails to properly restrict access to metadata within unreadable paths. An attacker can read metadata in unreadable paths, which can contain...
CVE-2005-3319
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost...
mod_python vulnerable to information disclosure via crafted URL
Overview: The Apache mod_python module is vulnerable to unintended remote information disclosure using specially crafted URLs. Description: From the mod_python web page: Mod_python is an Apache module that embeds the Python interpreter within the server. With mod_python you can write web-based...
mod_python: Publisher Handler vulnerability
Background: mod_python is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description: Graham Dumpleton discovered a vulnerability in mod_python's Publisher Handler. Impact: By requesting a specially crafted URL for a publishe...
CVE-2005-0182
The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack...
Debian DSA-659-1 : libpam-radius-auth - information leak, integer underflow
Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The Common Vulnerabilities and Exposures Project identifies the following problems: CAN-2004-1340: The Debian package accidentally installed its configuration file /etc/pam_radius_auth.conf...
Mod_dosevasive symlink and race vulnerability
LSS Security Advisory LSS-2005-01-01 http://security.lss.hr Title: Mod_dosevasive symlink and race vulnerability Advisory ID: LSS-2005-01-4 Date: January 1th, 2005 Advisory URL: http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-01 Impact: Arbitrary file creation Risk level ...
CVE-2004-1438
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command...