Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)

Check for the Version of apache-conf OpenVAS Vulnerability Test Mandriva Update for apache-conf MDVA-2010:011 apache-conf Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

MDVA-2010:011 : apache-conf

This is a maintenance and bugfix release of apache-conf that mainly fixes so that the httpd service is handled more gracefully when reloading the apache server 56857. Other fixes where appliable: - fix 53887 obsolete favicon.ico file in Apache default www pages - workaround 47992 apache does not...

apache mod-proxy-balancer 2.2.6 跨站脚本漏洞

No description provided by source...

apache 2.2.7 跨站脚本漏洞

No description provided by source...

DEBIAN-CVE-2009-3890

Unrestricted file upload vulnerability in the wpcheckfiletype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the modmime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...

httpd: possible temporary DoS (CPU consumption) in mod_deflate

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...

Simple Directory Listing Cross Site Scripting

Security Advisory : Cross-Site Scripting flaw in Simple Directory Listing Discovered by == Amol Naik amolnaik4atgmaildotcom Overview -------------- Quote from from http://simpledirectorylisting.net/ : "Simple Directory Listing is a single file php script which functions as directory listing in an...

httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header

The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

Critical: Red Hat Security Advisory: nspr and nss security and bug fix update

Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform...

httpd: mod_proxy reverse proxy DoS (infinite loop)

The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service C...

httpd: AllowOverride Options=IncludesNoExec allows Options Includes

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...

httpd: mod_proxy reverse proxy DoS (infinite loop)

The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service C...

httpd: AllowOverride Options=IncludesNoExec allows Options Includes

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...

YourTube 2.0 - Arbitrary Database Disclosure

YourTube 2.0 - Arbitrary Database Disclosure exploit : YourTube info : http://www.ac4p.com //= DORK: "powered by yourtube" //= found by: Security Code Team - thanks for sniper code and Qabandi -- //= our home: WwW.Sec-Code.com //= greats 4 our members in our home -- /// // - Upload this file to...

YourTube 2.0 - Arbitrary Database Disclosure

exploit : YourTube info : http://www.ac4p.com //= DORK: "powered by yourtube" //= found by: Security Code Team - thanks for sniper code and Qabandi -- //= our home: WwW.Sec-Code.com //= greats 4 our members in our home -- /// // - Upload this file to Apache server and fill victim site in the feil...

apr-util billion laughs attack

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

Ubuntu: Security Advisory (USN-787-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2009-1955

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

DEBIAN-CVE-2009-1191

modproxyajp.c in the modproxyajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

Apache Tomcat JK Connector (mod_jk) Detection (HTTP)

HTTP based detection of Apache Tomcat JK Connector modjk. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...