154 matches found
CVE-2002-0653
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...
mod_auth_any for Apache Metacharacter Remote Command Execution
The remote host seems to be running mod_auth_any, an Apache module which allows the use of third-party authentication programs. This module does not properly escape shell characters when a username is supplied, and therefore an attacker may use this module to: - Execute arbitrary commands on the...
mod_frontpage for Apache fpexec Remote Overflow
The remote host is using the Apache mod_frontpage module. mod_frontpage older than 1.6.1 is vulnerable to a buffer overflow that could allow an attacker to gain root access. Since Nessus was not able to remotely determine the version of mod_frontpage you are running, you are advised to manually check...
security flaw
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...
[SECURITY] [DSA 181-1] New mod_ssl packages fix cross site scripting
Debian Security Advisory DSA 181-1 [email protected] http://www.debian.org/security/ Martin Schulze October 22nd, 2002 http://www.debian.org/security/faq -...
security flaw
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...
security flaw
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...
CVE-2001-1216
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page...
mod_ssl Buffer Overflow Condition (Update Available)
mod_ssl Buffer Overflow Condition (Update Available) SYNOPSIS: mod_ssl (www.modssl.org) is a commonly used Apache module that provides strong cryptography for the Apache web server. The module utilizes OpenSSL (formerly SSLeay) for the SSL...
CVE-2001-1216
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page...
CVE-2001-0108
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested...
CVE-2001-0108
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested...
PHP Security Advisory - Apache Module bugs
Problems: 1. PHP supports a configuration mechanism that allows users to configure PHP directives on a per-directory basis. Under Apache, this is usually done using .htaccess files. Due to a bug in the Apache module version of PHP, remote 'malicious users' might be able to create a specia...
CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...