21 matches found
EUVD-2024-20846
Malicious code in bioql PyPI...
CVE-2024-23335
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
Exploit for Improper Encoding or Escaping of Output in Apache Http_Server
CVE-2024-38473 Nuclei Template...
CVE-2024-23335 Backups directory .htaccess deletion in MyBB
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
Remote code execution
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did...
CVE-2022-25277
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did...
UBUNTU-CVE-2022-25277
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did...
SUSE CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15...
SQL Injection Vulnerability in EML Enterprise Address Book Management System of Yishuitong.com
EML enterprise address book management system is an intelligent B/S interactive service system based on the open Linux kernel and Apache-based PHP+MySQL. EML Enterprise Address Book Management System on Yisoftone.com suffers from a SQL injection vulnerability, which can be exploited by attackers to obta...
Ping Identity: Internal Hostname disclosure from multiple Apache servers via blank host header method
This vulnerability was due to a general misconfiguration of Apache servers; this is a good example of the importance of "Secure Defaults" in open-source projects. An example of a generic request and response would be: openssl s_client -connect apache.example.com:443 GET apache.example.com/foo...
Project Pier Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Project Pier...
More Sophisticated DDoS Attack a New Threat to Apache Servers
A once flawed DDoS attack targeting the world’s most widely used Web servers has improved its cryptography and attack capabilities to become a more serious threat. MP-DDoser, also known as “IP-Killer,” uses a relatively new low-bandwidth, “asymmetrical” HTTP attack to inflict a denial-of-service...
GLSA-200909-03 : Apache Portable Runtime, APR Utility Library: Execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200909-03 (Apache Portable Runtime, APR Utility Library: Execution of arbitrary code). Matt Lewis reported multiple integer overflows in the apr_rmm_malloc, apr_rmm_calloc, and apr_rmm_realloc functions in misc/apr_rmm.c of APR-Util and in...
Multiple Remote Vulnerabilities in Wordpress
Advisory: Multiple Remote Vulnerabilities in Wordpress Advisory ID: 4tphi-sa-20070111-wordpress Release Date: 01-24-2007 Author: Blake Matheny [email protected] Software: WordPress 2.1 Impact: Remote & Local DoS, File Disclosure Overview: From Wikipedia, "WordPress is a blog publishing syste...
bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo "bitweaver = v1.3 'tmpImagePath' attachment mod_mime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by bitweaver"\r\n\r\n"; if $argc4 echo...
Bitweaver 1.3 - tmpImagePath Attachment mod_mime
Bitweaver 1.3 - tmpImagePath Attachment mod_mime #!/usr/bin/php -q -d short_open_tag=on mErrors'articleimage'...
GLSA-200402-01 : PHP setting leaks from .htaccess files on virtual hosts
The remote host is affected by the vulnerability described in GLSA-200402-01 (PHP setting leaks from .htaccess files on virtual hosts). If the server configuration 'php.ini' file has 'register_globals = on' and a request is made to one virtual host which has 'php_admin_flag register_globals off' and the...
mod_access_referer -- null pointer dereference vulnerability
A malformed Referer header field causes the Apache ap_parse_uri_components function to discard it with the result that a pointer is not initialized. The mod_access_referer module does not take this into account with the result that it may use such a pointer. The null pointer vulnerability may possibly...