Debian Security Advisory DSA 2670-1 (request-tracker3.8 - several vulnerabilities)
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-3368 The rt command line tool uses semi-predictable temporary files. A malicious user can us...
Debian: Security Advisory (DSA-2670-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2013-3440 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.2.x through 2.2.24 Description: The issue allows remote attackers to potentially execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This is due to the mod rewrit...
Web Cookbook - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Web Cookbook Multiple SQL Injection Date: 2013/3/12 Exploit Author: Saadat Ullah Software Link: http://sourceforge.net/projects/webcookbook/ Author HomePage: http://security-geeks.blogspot.com/ Tested on: Serve...
CVE-2013-1048
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...
RHEL 4 : nspr and nss (RHSA-2009:1190)
Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform...
CentOS Update for httpd CESA-2013:0130 centos5
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0130 centos5 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
Debian DSA-2567-1 : request-tracker3.8 - several vulnerabilities
Several vulnerabilities were discovered in Request Tracker (RT), an issue tracking system. - CVE-2012-4730 Authenticated users can add arbitrary headers or content to mail generated by RT. - CVE-2012-4732 A CSRF vulnerability may allow attackers to toggle ticket bookmarks. - CVE-2012-4734 If users...
DSA-2567-1 request-tracker3.8 - several
Bulletin has no description...
First Signs of Google's Do Not Track Feature Begin to Surface on Chrome
Google Chrome is indeed getting a Do Not Track DNT feature according to source code published in the developer’s release of the browser at the end of last week. The feature should clear Google’s dev and beta channels before making its way into the next stable build of the browser before the end o...
DEBIAN-CVE-2012-3526
The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request...
WespaJuris 3.0 Shell Upload / SQL Injection
Then, go to http://localhost/juris/clientdir/30/dl/webshell.php and see your webshell. :: How this exploit works? Manually work. Login bypass On login form, enter "SQLi strings"...
Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120118)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash...
Zend Framework XXE injection analysis - vulnerability warning - the black bar safety net
A few days ago a Zend Framework vulnerability was disclosed online (author: mkods). It is described as follows: according to the description, the vulnerability is an XXE (XML external entity) injection vulnerability in the Zend Framework xmlrpc module; this vulnerability can be read on server...
TheBlog <= 2.0 Multiple Vulnerabilities
Exploit for php platform in category web applications = 5, on SQL codes to insert, you must replace all: TYPE=MyISAM By: ENGINE=InnoDB -+- We discovered multiple vulnerabilities on this system. All in index.php, vars: SQL Injection index.php?id=sqli index.php?cat=sqli index.php?archives=sqli...
TheBlog 2.0 - Multiple Vulnerabilities
= 5, on SQL codes to insert, you must replace all: TYPE=MyISAM By: ENGINE=InnoDB -+- We discovered multiple vulnerabilities on this system. All in index.php, vars: SQL Injection index.php?id=sqli index.php?cat=sqli index.php?archives=sqli without "-" XSS Persistent stored When reading a post,...
httpd: possible crash on shutdown due to flaw in scoreboard handling
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free...