12 matches found
EUVD-2019-4602
Malware in sbrugna...
PT-2025-29202
Name of the Vulnerable Software and Affected Versions: Apache Service Control (affected versions not specified). Description: The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. Recommendations: At the moment,...
cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when the Aegis databinding is used. Users of other data bindings including the default databinding are not impacted...
XAMPP - Buffer Overflow Exploit
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH | Author: Talson @Ripp3rdoc | Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe | Version: 3.3.0 | Tested on: Windows 11 | CVE-2023-46517 ...
CVE-2023-44313
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (include). Users are recommended to upgrade to version 2.2.0, which fixes the...
CXF: directory listing / code exfiltration
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...
Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)
Summary: Denial of service vulnerability in mod_dav module of Apache HTTP Server affects Cloud Pak System. Vulnerability Details: CVEID: CVE-2006-20001. DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in mod_dav. By sending a...
CVE-2019-13035
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) a...
Privilege escalation
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) a...
CVE-2019-13035
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) a...
Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability
A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to improper sanitization of user input. An exploit could allow the attacker to view the content...
Oracle9i Application Server Apache PL/SQL module does not properly handle HTTP Authorization header
Overview: A vulnerability exists in the way the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS) handles HTTP Authorization headers. This vulnerability could allow an unauthenticated remote attacker to crash the Apache service. Description...