1187 matches found
DEBIAN-CVE-2011-2688
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field...
ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability
ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-238 July 21, 2011 -- CVE ID: CVE-2011-2261 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Secu...
Enable X-FRAME-Options header to implement clickjacking protection
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-25143. TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. Description: Current...
Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validate_login function defined within /apache/htdocts/php/common.php. The...
Openslaed 1.2 Remote Shell Upload
?php / Vendor: www.slaed.net Download : http://www.slaed.net/uploads/files/public/openslaed.zip exploited by ..: eidelweiss Affected: Version 1.2 Other or lowers version may also be affected Greetz: yogyacarderlink Team, devilzc0de Team, Nofia Fitri unyu², whitehat, petimati, psycothicgirl, viska...
Open Slaed CMS v1.2 Remote Arbitrary File Upload Exploit
Exploit for php platform in category web applications ?php / Vendor: www.slaed.net Download : http://www.slaed.net/uploads/files/public/openslaed.zip exploited by ..: eidelweiss Affected: Version 1.2 Other or lowers version may also be affected Greetz: yogyacarderlink Team, devilzc0de Team, Nofia...
mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path...
(mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011...
apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...
DEBIAN-CVE-2011-1928
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...
(mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath...
FreePBX Recording Interface File Upload Code Execution (CVE-2010-3490)
FreePBX is an open source software implementation of a telephone Private Branch eXchange (PBX). It allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network. A code execution vulnerability exists i...
mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path...
DEBIAN-CVE-2010-2791
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...
mod_autoindex XSS
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...
httpd: mod_proxy_http DoS via excessive interim responses from the origin server
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim...
DEBIAN-CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path...
DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit
?php / DM Filemanager fckeditor Remote Arbitrary File Upload Exploit...
Hero DVD Remote Buffer Overflow Exploit
Exploit for windows platform in category remote exploits. Hero DVD Remote Buffer Overflow Exploit. Exploit Title : Hero DVD Remote Buffer Overflow Exploit Date : July 7, 2010 Author : chap0 www.seek-truth.net Software...