154 matches found
Phusion Passenger Symbolic Link Attack Vulnerability (CNVD-2015-01246)
Phusion Passenger is an Apache module from the Dutch company Phusion for easier deployment of Ruby on Rails projects on Apache and Nginx web servers. Versions of Phusion Passenger prior to 4.0.37 have a symbolic link attack vulnerability due to the program not creating temporary files in a secure...
HumHub 0.10.0 File Upload / Remote Code Execution Vulnerabilities
HumHub versions 0.10.0 and below suffer from .htaccess file upload and remote code execution vulnerabilities. + HumHub .htaccess file upload vulnerability and remote code execution + Discovered by: Jos Wetzels + Vendor: HumHub + Product: HumHub + Versions affected: 0.10.0 and earlier. + Advisory...
F5 Networks BIG-IP : Remote vulnerability in the mod_jk2 Apache module (SOL7886)
A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, an attacker may be able to run arbitrary code on affected system. The descriptive text and package checks in this plugin were extracted from F5...
RHEL 7 : mod_wsgi (RHSA-2014:1091)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:1091 advisory. The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was foun...
Debian DSA-2991-1 : modsecurity-apache - security update
Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended modsecurity restrictions by using chunked transfer coding with a...
Debian Security Advisory DSA 2991-1 (modsecurity-apache - security update)
Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended modsecurity restrictions by using chunked transfer coding with a...
CentOS 6 : mod_wsgi (CESA-2014:0788)
An updated mod_wsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Important: Red Hat Security Advisory: mod_wsgi security update
An updated mod_wsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
[SECURITY] Fedora 19 Update: mod_wsgi-3.5-1.fc19
The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existi...
[SECURITY] Fedora 20 Update: php-5.5.13-3.fc20
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 20 Update: mod_wsgi-3.5-1.fc20
The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existi...
UBUNTU-CVE-2014-0242
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread...
[SECURITY] Fedora 18 Update: mod_fcgid-2.3.9-1.fc18
mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. mod_fcgid has a new process management strategy, which concentrates on reducing the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon as possible...
[SECURITY] Fedora 20 Update: mod_fcgid-2.3.9-1.fc20
mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. mod_fcgid has a new process management strategy, which concentrates on reducing the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon as possible...
mod_accounting Module 0.5 - Blind SQL Injection
mod_accounting Module 0.5 - Blind SQL Injection - Affected Vendor: http://sourceforge.net/projects/mod-acct/files/ - Affected Software: mod_accounting - Affected Version: 0.5. Other earlier versions may be affected. - Issue type: Blind SQL injection - Release Date: 20 Sep 2013 - Discovered by: Elda...
mod_accounting Module 0.5 - Blind SQL Injection
Affected Vendor: http://sourceforge.net/projects/mod-acct/files/ - Affected Software: mod_accounting - Affected Version: 0.5. Other earlier versions may be affected. - Issue type: Blind SQL injection - Release Date: 20 Sep 2013 - Discovered by: Eldar "Wireghoul" Marcussen - CVE Identifier:...
[SECURITY] Fedora 18 Update: php-5.4.19-1.fc18
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
MGASA-2013-0253 Updated rubygem-passenger package fixes CVE-2013-4136 & apache module
Updated rubygem-passenger package fixes security vulnerability: It was reported that Phusion Passenger would reuse existing server instance directories (temporary directories) which could cause Passenger to remove or overwrite files belonging to other instances (CVE-2013-4136). Additionally, the...
DEBIAN-CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL...
Google, Paypal, Facebook Internal IP disclosure vulnerability
Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.. or 172.16.., can really Impact? Most security...